International Conference on Cybersecurity and Cybercrime

Celebrating 100 Years of Modern Quality

Ioan C. BACIVAROV — Fri, 22 Nov 2024 00:00:00 +0200

Quality, an omnipresent characteristic, with a profound impact on the entire economic and social life, recently celebrated this year a century since it was founded as a science. In the first part of the paper, the author analyzes how quality was founded as a science and analyzes the contributions of Walter Shewhart, considered as the "father of modern quality", as well as other quality gurus in this direction. The author concludes that quality is a dynamic concept, which constantly evolved in the 100 years of its existence. The evolution of quality in this first century of existence is analyzed and the prospects for the development of this important field are highlighted. Some of the Romanian Association for Information Security Assurance (RAISA)'s contributions to the implementation of cybersecurity (an important component of quality) culture are highlighted. Finally, some workshops organized under the auspices of RAISA in May 2024 in order to celebrate a century of modern quality are briefly analyzed.

The Effect of the KiberPajzs Initiative on Fraud Detected in Electronic Payments in Hungary

Gabriella BIRÓ — Fri, 22 Nov 2024 00:00:00 +0200

The paper examines what effect the KiberPajzs initiative has on fraud detected in electronic payments in Hungary for the 2023-2024 period. First the current electronic payment fraud landscape of Hungary is described through cybercrime tendencies, the impact of digitalization on banking, and the regulatory background of electronic payments. Then the KiberPajzs initiative is introduced together with its related communicational, regulatory and law enforcement projects. Finally, the recent quarterly payment fraud data published by the Central Bank of Hungary is examined and the effects of KiberPajzs are evaluated. The author argues that decrease in the number and value of fraudulent electronic transactions and the increase in identified failed fraud attempts coincide with the activities of the KiberPajzs initiative.

A National Security Perspective on Strengthening E.U. Civilian-Defence Cybersecurity Synergy: A Systemic Approach

Niculae IANCU — Fri, 22 Nov 2024 00:00:00 +0200

The integration of civilian and defence sectors within the European Union's cybersecurity framework has become a strategic priority, driven by the increasingly complex nature of digital threats to both national and collective security. This paper examines the need for a systematic approach to enhance civilian-defence cybersecurity synergy, emphasising the importance of coordinated efforts to address a range of challenges, including ransomware, state-sponsored attacks, and hybrid warfare. The study highlights the strategic importance of this integration for national and E.U.-wide interests, identifying key obstacles such as fragmented policy frameworks, operational cultural differences, and resource allocation disparities. To bridge these gaps, the paper proposes strategic solutions, including regulatory harmonisation, joint training programmes, and investment in dual-use technologies. The research underscores the critical role of a unified policy approach in facilitating efficient resource allocation, streamlined communication, and faster incident response. Additionally, it explores the potential of emerging technologies, such as AI and quantum computing, to strengthen cybersecurity capabilities across sectors. Ultimately, the integration of civilian and defence efforts within the E.U.'s cybersecurity ecosystem is essential for building a resilient, cohesive, and adaptive framework, ensuring the protection of digital infrastructure, enhancing national security, and reinforcing the E.U.'s global leadership in cybersecurity.

Enhancing Cybersecurity for UAV Systems: Implementing NIS2 Provisions for Safe Drone Deployment in Albania

Vilma TOMCO, Klorenta PASHAJ — Fri, 22 Nov 2024 00:00:00 +0200

Unmanned Aerial Vehicles (UAVs) have become essential tools in both military and civilian applications, from surveillance to infrastructure monitoring. However, their increased use has raised significant cybersecurity concerns, particularly regarding vulnerabilities to cyberattacks such as GPS spoofing, signal jamming, and data link interception. This paper reviews the key cybersecurity challenges facing UAVs and explores mitigation strategies to enhance UAV security, with a focus on potential applications in Albania. Drawing on recent studies, we examine common attack vectors, including man-in-the-middle (MITM) attacks, denial-of-service (DoS) attacks, and unauthorized data interception. These vulnerabilities pose risks not only to the safe operation of UAVs but also to the integrity of the critical infrastructure they monitor. To address these issues, the paper proposes robust encryption protocols, real-time monitoring systems, and the integration of machine learning-based intrusion detection techniques to safeguard UAV communications and operations. Furthermore, this research highlights the importance of aligning UAV security measures with the EU’s NIS2 Directive, offering recommendations on regulatory frameworks tailored to the Albanian context. The findings emphasize the need for a comprehensive approach to UAV cybersecurity, combining technological innovation with stringent regulatory oversight to ensure safe and secure UAV deployment in Albania's rapidly evolving digital landscape.

AR-in-a-Box: A Structured 8-Step Framework for Cybersecurity Awareness

Ioan-Cosmin MIHAI — Fri, 22 Nov 2024 00:00:00 +0200

AR-in-a-Box, developed by the European Union Agency for Cybersecurity (ENISA), offers a comprehensive framework to guide organisations in creating effective cybersecurity awareness programs. Through a structured 8-step process, this toolkit helps organisations set objectives, secure resources, manage human capital, segment audiences, select communication tools, plan timelines, implement programs, and evaluate outcomes. This paper explores each step in detail, incorporating state-of-the-art research and real-world case studies to demonstrate AR-in-a-Box's effectiveness in fostering a cybersecurity-conscious culture. Through targeted communication, interactive elements, and performance metrics, AR-in-a-Box enables organisations to embed cybersecurity awareness and improve resilience against evolving cyber threats.

Security of Digital Files: Audio Tampering Detection

Sebastian-Alexandru ARGHIRESCU — Fri, 22 Nov 2024 00:00:00 +0200

In an age where most of the data we interact with daily is stored digitally, methods of checking its authenticity become more and more essential. This is especially true for sound, as the increasing public availability of AI models makes tampering with audio files easier than ever. In this paper, we will be investigating the current landscape of audio forensics as well as our new hardware-based solution for double encoding detection.

Fake News

Dan-Ion CĂLIN, Alexandru BARCAN, Ciprian CONSTANTIN — Fri, 22 Nov 2024 00:00:00 +0200

The terms "fake news" and "falsehood" have become ubiquitous in contemporary society. They influence or alter the way in which people perceive reality. The challenge of combating fake news lies in its ability to evade detection and capture the attention of a growing number of individuals. It has the potential to alter the way reality is perceived, impact the reputation of institutions and organisations, and even pose a threat to national security by influencing perceptions of values and risks. In today's context, fake news has emerged as a significant vulnerability, with the potential to be exploited as part of hybrid warfare strategies. One proposed method for combating the spread of fake news is the development of critical thinking skills that are specifically designed to identify such information and mitigate its influence on personal beliefs and values.

Operationalizing the Cyber Threat Landscape: Key Considerations and Challenges in Developing a Specific Organizational Program

Costel CIUCHI — Fri, 22 Nov 2024 00:00:00 +0200

The landscape of cyber threats is multifaceted, encompassing a wide array of attack vectors, including distributed denial of service (DDoS) attacks, phishing, man-in-the-middle attacks, password-based intrusions, remote exploitation, privilege escalation, and malware deployment. As the sophistication of cyber threats continues to advance, coupled with the development of increasingly sophisticated evasion techniques, traditional security mechanisms - such as firewalls, intrusion detection systems, antivirus software, and access control lists - are proving less effective in identifying and mitigating these complex threats. This underscores the urgent need for the development and implementation of innovative, more robust solutions to counteract the growing prevalence of cyber-attacks. The objective of this proposal is to examine the ENISA Cybersecurity Threat Landscape Methodology and explore potential advancements that integrate traditional decision-making frameworks with emerging cybersecurity technologies. As concerns over cyber warfare continue to escalate, nations must adopt adaptable cyber frameworks and methodologies capable of preventing cyber crises. Furthermore, these frameworks should foster greater international collaboration and participation in the ongoing global discourse on cybersecurity.

Dynamic QR Codes: A Solution for Secure Mobile Payments

Om Prakash YADAV; Ankit KUMAR, Kalash SHANDILYA, Shubhankar KUMAR — Fri, 22 Nov 2024 00:00:00 +0200

Black and white barcodes have been employed recently to encode additional data inside of a designated area. A barcode is composed of gaps and bars that are ordered according to preset rules. However, as the demand for additional data storage increases, a new technology known as QR codes has been developed. However, security remains a major worry, so this is by no means the end. Mobile payment is necessary for mobile business. An easy-to-use mobile payment solution is needed to allow mobile users to execute transactions using their mobile devices in a reliable and safe manner. The purpose of this study is to give us dynamic QR code refreshes during financial payment. The paper's primary goal is to create and comprehend QR code technology in the context of today's global security environment.

Artificial Intelligence - A Challenge of the 21st Century?

Gabriel-Virgil TAUBER, Sergiu-Adrian VASILE — Fri, 22 Nov 2024 00:00:00 +0200

Artificial Intelligence is an innovation of modern technology, a concept transformed into reality. It is the result of sustained work by talented computer science pioneers who have turned their dreams into reality. As we have shown in this article, Artificial Intelligence brings both opportunities and significant risks, given the access some people have to data and information that can influence our entire existence. Human specificity lies in the desire to overcome one's limits and to make one's everyday life easier. However, in a society in constant transformation, we must be aware that not everything that helps us is necessarily beneficial, and vice versa. The future will be the one that will judge the direction of the technology of modern society and our ability to adapt to new challenges. This revolutionary field represents an opportunity, but also a vulnerability, which prompts us to reflect and analyze: "How long will we use artificial intelligence before it starts using us?"

Cyber Threats and Exploring the Sources of Cyber Threat Intelligence

Adelaida STĂNCIULESCU, Constantin-Alin COPACI, Ioan C. BACIVAROV — Fri, 22 Nov 2024 00:00:00 +0200

Cyber threat intelligence technology becomes a necessity in the context of the exponential evolution of information systems. The methods used by malicious actors are constantly evolving, becoming more and more sophisticated over time, thus making the task of security teams more difficult. This article aims to investigate cyber threats, providing information necessary to understand and detect the mode of operation of the attack, to then decline and disseminate it within the information systems to be protected. Advanced threat intelligence thus supports proactive monitoring of emerging threats by determining trends in the cyber landscape.

Profile of Persons Who Act in the Field of Computer Criminality

Vasile-Cătălin GOLOP, Natalia SĂVULESCU — Fri, 22 Nov 2024 00:00:00 +0200

This article examines the profile of individuals involved in cybercrime activities, focusing on their psychological traits, motivations and technical skills. The study identifies common typologies of cybercriminals, ranging from individual hackers to organized groups, and examines the factors that contribute to choosing this type of illegal activity, such as social influences and opportunities in the online environment. The research hypothesis argues that individuals who commit cybercrime exhibit distinct characteristics that vary according to their goals and resources. The research method used combines case analysis with interviews and comparative studies, highlighting the diversity of profiles and the adaptability of offenders to emerging technologies. The results provide useful insights for implementing preventive measures and streamlining cybercrime investigations.

Enhancing Vulnerability Management with Artificial Intelligence Algorithms

Gabriela TOD-RĂILEANU, Ana-Maria DINCĂ, Sabina-Daniela AXINTE, Ioan C. BACIVAROV — Fri, 22 Nov 2024 00:00:00 +0200

The rising number of vulnerabilities, highlights the growing cybersecurity challenges and the need for robust vulnerability management. This paper examines the role of Artificial Intelligence in enhancing vulnerability detection and management, focusing on scalable and accurate solutions to address large-scale codebase analysis. AI-driven techniques bridge traditional static analysis and advanced detection, uncovering hidden vulnerabilities and improving efficiency. Future research should optimize these tools for diverse languages, Secure Software Development Life Cycle workflows, and predictive threat analysis. These advancements highlight AI's potential to strengthen software security in an increasingly complex threat landscape.

Security of Romanian Electronic Passports: The Protection of Personal Data in the Digital Age

Aurelian-Gabriel BĂDIȚĂ — Fri, 22 Nov 2024 00:00:00 +0200

Highlighting the evolution and importance of electronic passports in Romania, respectively the security risk associated with cyber attacks against the system for issuing these documents, represents a first pillar in the development of strategies to protect national security. Adopting a proactive approach in managing cyber risks in ensuring the security of the electronic passport issuance system, respectively the security of citizens' personal data, is necessary to provide an optimal climate of trust, both for the national/European/international order and security structures, and for the well-being of the citizens who request such documents. It can be seen that attackers or impostors develop various strategies to identify and gain access to data in electronic passports in order to exploit or compromise them. Many of them resort to different methods of accessing the personal data of electronic passport holders in order to falsify them and use them to cross the state border, respectively to alienate them to other potential criminals who want to evade border control. The structures responsible for issuing e-passports implement state-of-the-art high-performance electronic security equipment and systems to counter cyber-attacks, but permanent security methods are required, as attackers resort to modern advanced methods of unauthorized access.

An Analysis on Security and Reliability of Storage Devices

Ana-Maria DINCĂ, Gabriel PETRICĂ — Fri, 22 Nov 2024 00:00:00 +0200

The secure storage of information is an essential objective for companies, especially if that information has a classification level that requires medium or maximum protection. This paper analyzes two components of dependability: ensuring the security of backup data must be complemented with the analysis of the reliability of storage media. For this, S.M.A.R.T. technology provides information about the wear of a storage unit (magnetic, optical or flash memory) and allows the prevention of data loss when the storage equipment is nearing the end of its useful life.

Cybercrime: A New Challenge of Criminality in the Digital Age

Marius-Andrei OROȘANU, Mihăiță ALEXANDRU — Fri, 22 Nov 2024 00:00:00 +0200

Cybercrime, encompassing a broad spectrum of illicit activities executed through digital technologies, poses a critical threat to global security, economics, and individual privacy. Key methods, such as phishing, exploit user vulnerabilities by using deceptive techniques to acquire sensitive personal and financial data. Phishing-related offenses are explicitly addressed within legal frameworks, such as those outlined in the Penal Code, where they are classified under offenses against property and public safety. This underscores the integral role of legal structures in mitigating the growing risks posed by cybercrime, particularly as technological advancements enhance the complexity of such criminal activities. Additionally, the widespread use of fake websites for phishing purposes heightens the dangers of identity theft, financial fraud, and compromised banking systems, with long-lasting implications for victims’ credit scores and financial stability.

Analysis of Cyber Threats at the Level of a Distributed Network

Constantin-Alin COPACI, Adelaida STĂNCIULESCU, Ioan C. BACIVAROV — Fri, 22 Nov 2024 00:00:00 +0200

Ensuring a high level of security of the networks and IT systems that underpin the delivery of an organization's essential services has become a necessity that involves integrated, comprehensive approaches, the adoption of new and permanent cyber security strategies, significant financial investments and rapid organizational adaptations and ambitious. This article aims to provide a comprehensive analysis of the cyber security of a distributed computer network within an organization. In this context, the article promotes the implementation of proactive tools to strengthen cyber security at the institutional level.

The Importance of Combating Fake News and Its Impact in the Digital Age

Gabriel-Virgil TAUBER, Sergiu-Adrian VASILE — Fri, 22 Nov 2024 00:00:00 +0200

In an era of massive digitization and technologization, information represents the quintessence of success on all levels and in all fields. With a major power and influence in achieving success, disinformation, however, gains in the last period of time more followers who, through different methods and means, manage to manipulate and control different social categories in order to achieve the intended goal. There is currently a risk that a piece of information (fake news) will cause harm and damage not only at the individual level but also at the macro level, destabilizing order and national security. As we will show in this article, with the help of artificial intelligence, with the help of each individual, among cooperation at the international level and among an education appropriate to the century in which we live, we can hope to counteract and diminish this phenomenon that it can also have geopolitical consequences and more.

Assessing Web Security in E-Learning Systems

Denisa-Nicoleta MIHALACHE — Fri, 22 Nov 2024 00:00:00 +0200

The exponentially evolution of the internet and the increasing sophistication of cyber threats have made securing web servers and web applications a critical concern in today's digital landscape. This research explores the security vulnerabilities of e-learning platforms, particularly Moodle, and demonstrates practical exploitation methods to highlight the risks. A key focus is the development and deployment of a custom script to create a trojan virus leveraging the Right-to-Left Override (RLO) technique. This malware, disguised as a legitimate e-learning material, infiltrates the platform, lists system files, and injects malicious code into Python files, showcasing a high-impact threat vector.