International Conference on Cybersecurity and Cybercrime

The Fight Against Terrorism in the Digital Era: Policing Perspectives, Legislative References, and Cybercrime Dimensions

Ștefan-Gabriel DASCĂLU, Marius-Andrei OROȘANU — Mon, 24 Nov 2025 00:00:00 +0200

The digital era has transformed both the nature of terrorism and the mechanisms designed to combat it. Contemporary terrorist organizations increasingly exploit cyberspace for recruitment, propaganda, financing, and operational coordination, thus blurring the boundaries between physical and virtual threats. This paper examines the evolving role of law enforcement agencies in addressing these challenges, emphasizing the need for advanced technological tools, interagency cooperation, and continuous adaptation of policing strategies. Furthermore, it analyzes the legislative frameworks that underpin counterterrorism policies within the digital domain, highlighting existing gaps and the growing intersection with cybercrime. By integrating legal, operational, and technological perspectives, the study aims to provide a comprehensive understanding of how digitalization reshapes both terrorism and the institutional responses designed to counter it.

AI-Assisted Anomaly Detection for Cybersecurity in IMS Core Networks: A KPI-Driven Study Based on Real-World Telecom Data

Bianca-Ștefania VĂDUVA — Mon, 24 Nov 2025 00:00:00 +0200

In modern IP Multimedia Subsystem (IMS) core networks, the detection and prevention of cybersecurity threats remain a critical challenge due to the dynamic nature of signaling traffic and the increasing complexity of infrastructure. This paper proposes an AI-assisted anomaly detection approach based on statistical modeling of key performance indicators (KPIs) collected from real-world telecom networks over a one-month period. The analysis targets multiple IMS elements across two major network regions, focusing on Call Setup Success Rate and Total Traffic (Erlang). A contextual z-score model was implemented in MATLAB to monitor these KPIs per hour, enabling the identification of time-based deviations without relying on static thresholds. An alert logic was added to mark days with excessive anomaly rates (>5%) as potentially suspicious. A major traffic spike detected on March 1st is analyzed as a case study, suggesting a possible signaling flood or operational event. The results demonstrate the feasibility of unsupervised anomaly detection in IMS environments, providing early warning signals for cybersecurity-related incidents. This KPI-driven methodology can be extended with advanced AI models for predictive alerting and integration with network management systems.

Software System for Increasing Security in Telecommunications Networks

Ana-Maria NEGREI, Delia-Ioana LEPĂDATU, Gabriel PETRICĂ — Mon, 24 Nov 2025 00:00:00 +0200

The work is based on the design of an automated software tool that provides simulation of traffic events in a telecommunications network and their analysis for the purpose of detecting Wangiri and SMS Bypass frauds. The implemented system allows parameterization of detection and prevention rules for multiple operators, for each type of fraud considered, as well as performing a complex analysis based on them for the purpose of reporting detected fraud cases. The implementation includes technologies such as Spring Boot, Java, Oracle Database, PL/SQL, React and a generative AI model, all integrated into a single architecture. The system is able to suggest measures to minimize the impact of attacks.

Trust Abuse in the Underbelly of Critical Infrastructure Operations

Eduard-Ștefan SANDU — Mon, 24 Nov 2025 00:00:00 +0200

The scientific paper presents a revolutionary cyberattack model that demonstrates how public procurement systems can be weaponized to distribute multi-extortion ransomware in critical infrastructure environments, abusing trust in legally signed documents. The attack scenario unfolds by first developing spyware capable of taking control of the digital device designed for individual use of a legitimate authorized user through which the malicious document will be signed with a qualified electronic signature, a document that will contain a ransomware. The electronically signed document will be used and sent within the framework of public procurement processes, in accordance with the rules imposed by each contracting authority through the electronic platform, named Electronic Public Procurement System. The paper is structured in sections covering the legal framework of public procurement and critical infrastructure, as well as the practical implementation scenario. The novelty of this research lies in the demonstration of a full-spectrum attack chain that combines legal compliance, identity theft and exploitation of institutional trust to bypass traditional security mechanisms.

Enhancing the Security of High-Responsibility Information Systems Through Fault Tree Modeling

Constantin-Alin COPACI, Ioan BACIVAROV — Mon, 24 Nov 2025 00:00:00 +0200

With the advancement of technology, high-dependability information systems have become indispensable for the efficient operation of activities in strategic sectors, among which communications play a crucial role. This paper aims to ensure the security and reliability of a communication system through the application of fault tree analysis. This approach seeks to identify vulnerable components, assess the probability of adverse events within the system, and propose measures to enhance its performance under conditions of risk or failure.

Securing the Future: Cybersecurity Challenges in Wearable Devices

Daniela NAIPEANU — Mon, 24 Nov 2025 00:00:00 +0200

Wearable devices, such as smartwatches, fitness trackers and medical monitors, have become essential to our day-to-day lives. They offer incredible benefits, making it easier to track our health and stay connected to the world. This kind of technology comes with a lot of advantages, as it simplifies different tasks people do daily. However, this convenience comes with significant cybersecurity risks. Because of the collected data, cybercriminals are starting to target the devices. This article will present the challenges faced to keep wearable technology secure. The paper examines the multiple cyber threats that the devices encounter, like malware, phishing and vulnerabilities in wireless connectivity. Also, the paper presents a software framework that is specifically built to offer uninterrupted security monitoring for wearable devices. The platform employs a complete strategy to tackle security challenges, encompassing intrusion detection and prevention, efficient vulnerability management, and prompt security patching.

Public Attribution in Cyberspace: Symbolic Gesture or Strategic Weapon?

Mihai OLTEANU — Mon, 24 Nov 2025 00:00:00 +0200

States have developed multiple defensive approaches, but deterrence has emerged as a central element of cyber strategy. Public attribution (the official act of publicly identifying the actor responsible for a cyber operation) has become a widely used instrument, particularly among NATO and EU members, despite its high political and technical costs. This paper examines the relationship between public attribution and deterrence, with reference to five recognized forms: punishment, denial, entanglement, norms, and association. Using recent data and selected cases, the analysis shows that public attributions can sometimes generate tangible outcomes (e.g., sanctions, indictments, or defensive improvements), while in other cases they produce little deterrent effect. Nonetheless, the value of public attribution should not be measured solely by utilitarian efficiency, but also through the principled lens of international law and normative signaling. Even when immediate effects are absent, attribution reaffirms international norms, imposes reputational costs, and prevents the normalization of hostile behavior in cyberspace.

The Web Ecosystem Between Vulnerability and Resilience: The Case of Polyfill.io

Adelaida STĂNCIULESCU — Mon, 24 Nov 2025 00:00:00 +0200

This report addresses the Polyfill.io security incident, analyzed as a case study to demonstrate the impact that poor management of external dependencies can have on the resilience of the modern web ecosystem. The Polyfill.io case represents one of the most extensive external dependency compromises in recent history, affecting over 100,000 websites through sophisticated mechanisms for injecting malicious code via compromised CDN infrastructure. The analysis reveals how a supposedly harmless JavaScript library, used for cross-browser compatibility, was hijacked and exploited as a global attack vector. The study investigates the mechanisms by which the polyfill.io domain was taken over and used for the conditional distribution of malicious code. Through comparative analysis with other major supply incidents chain (SolarWinds, Log4Shell, XZ Utils), the paper identifies the unique features of the Polyfill.io case - including the passive nature of the compromise, the almost instantaneous speed of propagation, and the unprecedented diversity of victims. The results of the analysis reveal the importance of implementing strengthened security measures for managing external dependencies, such as systematically verifying the integrity of resources, enforcing content security policies, and continuously monitoring ownership changes within open-source projects.

Enhancing 5G Infrastructure to Withstand Emerging Digital Threats

Andreea BENCHEA — Mon, 24 Nov 2025 00:00:00 +0200

The advent and rapid expansion of 5G technology brings substantial advancements in communication capabilities, characterized by ultra-low latency, enhanced bandwidth, and massive device connectivity. However, this technological evolution simultaneously exposes critical infrastructure to a broad spectrum of sophisticated and evolving digital threats. This paper addresses the security challenges inherent to 5G networks and proposes a set of advanced, intelligent solutions tailored to their architectural complexity. The proposed measures include Zero Trust Architecture (ZTA), artificial intelligence-based behavioral analytics, federated learning, blockchain-enabled device authentication, and secure orchestration of network slicing. These methodologies offer a scalable, proactive, and privacy-conscious security framework capable of ensuring operational resilience and data integrity. The objective of this work is to emphasize the necessity of adopting adaptive and future-ready defense mechanisms to safeguard the robustness and reliability of 5G infrastructures against emerging cyber threats.

Law Enforcement Cooperation in the Prevention and Countering of Disinformation

Marius-Andrei OROȘANU — Mon, 24 Nov 2025 00:00:00 +0200

The growing impact of disinformation on public trust, democratic processes, and national security has made the prevention and countering of disinformation a strategic priority for law enforcement agencies. This paper explores the role of police cooperation -both national and international - in identifying, preventing, and responding to disinformation campaigns, particularly those amplified through digital platforms and social media. Law enforcement authorities, in collaboration with cybersecurity units, must adapt their operational frameworks to detect and address coordinated information manipulation. Romania, as a member of the European Union and signatory to multiple international agreements, actively participates in joint operations, data sharing, and institutional efforts through bodies such as Europol, Eurojust, and the European Centre of Excellence for Countering Hybrid Threats. Additionally, the involvement of civil society, media organizations, and private tech companies is essential for building resilience against disinformation. The paper argues that successful prevention requires a multidimensional approach: legal harmonization, technical capacity building, and the strengthening of cross-border cooperation mechanisms. In this context, Romania’s growing institutional capability and engagement in EU-led initiatives underline its strategic role in the regional fight against disinformation.

Communication Security in Computer Networks: Encryption Methods and Performance Evaluation

Constantin-Alin COPACI, Dorina-Luminița COPACI — Mon, 24 Nov 2025 00:00:00 +0200

With the increasing complexity and interconnectivity of networks, numerous cyber threats have emerged, including data interception, packet manipulation, man-in-the-middle attacks, spoofing, and Denial-of-Service (DoS) attacks. In response to these risks, data encryption stands out as one of the most effective strategies for safeguarding the confidentiality and integrity of information transmitted over networks. This study aims to analyze and compare several encryption methods employed in securing communications within computer networks, using simulations conducted in the MATLAB environment. Data encryption scenarios will be implemented, and the performance of the algorithms will be assessed based on metrics such as execution time, key size, and the impact on communication latency.

Border Control Entry-Exit System - the New Way of Secure Travelling

Andrei MOCANU — Mon, 24 Nov 2025 00:00:00 +0200

In a world constantly changing and citizens with more and more access to travel, the way of regulating border crossing must be taken into discussion. Not far from the date this article is published, European Commission announced the entry in operation of the Entry-Exit System (EES). A system that will shape the way we travel, modernizing the border checks, making them more efficient, easier and faster. The aim is to secure borders in the Schengen area, preventing irregular migration and adding a new level of trust between EU institutions and its citizens. This new system is replacing the traditional passport stamps with digitally record of travelers who enters and exit coming from non-EU countries. It is aimed to increase security of the Schengen area citizens and to prevent overstay or irregular migration or, even worse, fraud and fake identities. The ‘stamping’ will include also the biometrics of the person entering (face and fingerprints) making it almost impossible to trick the system. This way, criminality and terrorist attacks can be mitigated easier, making Europe a safer place.

Deliberative Loading of a Global Polyfill: Compromise Simulation and OSINT Analysis

Adelaida STĂNCIULESCU, Ioan BACIVAROV — Mon, 24 Nov 2025 00:00:00 +0200

Modern web projects frequently rely on third-party packages and services (CDN, polyfills providers) to ensure compatibility. A polyfill that modifies global objects (e.g. Array.prototype) provides convenient compatibility, but introduces a single point of failure: compromising that provider can lead to the distribution of malicious code to all pages that include it. The purpose of the study is to demonstrate, in a controlled manner, the effects of installing a global polyfill and to show how exposures can be identified and quantified through ethical OSINT techniques. This paper presents a reproducible methodology for simulating the scenario where a polyfill It installs its functionality globally (Array.prototype.findLast () as an example) and thereby expands the attack surface of web applications. Using a controlled environment and ethical OSINT techniques to map adoption and exposure in the public space, the paper assesses operational risks and proposes technical mitigation measures. The methodological emphasis is on reproducibility, non- intrusiveness and validation based on public evidence.

Generative AI Applications in Cybersecurity and Cybercrime

Dragoș-Ionuț IONESCU — Mon, 24 Nov 2025 00:00:00 +0200

In the rapidly evolving digital landscape, Artificial Intelligence (AI) and Machine Learning Software (MLS) are playing increasingly significant roles in cybersecurity and cyber-attacks. This article explores the multifaceted applications of AI and MLS in both defending against and perpetrating cyber threats. It delves into how these technologies are used to enhance security measures, detect anomalies, and predict potential threats, while also examining their use in executing sophisticated cyber-attacks, including password cracking, social authentication attacks, and the creation of evasive malware. The objective is to provide a comprehensive overview of the current state of AI and MLS in cybersecurity on both offense and defense and to provide some examples for the most common generative AI tools.

CyberCon Romania 2025 Welcome Message

Ioan BACIVAROV — Mon, 24 Nov 2025 00:00:00 +0200

Ladies and gentlemen, distinguished guests, colleagues in the field of cybersecurity,

First of all, I would like to extend to you, as President of the Romanian Association for Information Security Assurance (RAISA), a warm welcome to the CyberCon Romania 2025 conference.

As you probably know, I am Professor Emeritus in the field of dependability (reliability, maintainability, security, survivability a.o.) at the Faculty of Electronics, Telecommunications and Information Technology of the National University of Science and Technology POLITEHNICA Bucharest, the most important technical university in Romania. In this capacity, I have introduced and developed several innovative educational and scientific programs in these fields over the last four decades.

I would like to begin by expressing our gratitude to the Embassy of the United States of America in Romania for the constant support provided to the CyberCon Romania conference organization over the last years. It is important to mention that this partnership - started at the initiative of the US Embassy- has obtained the Cyber Outstanding Security Performance Award (Cyber OSPA) 2022 in the Outstanding Cyber Security Partnership category.

Special thanks are due to the educational partners of CyberCon Romania 2025, including the National Institute of Research and Development in Informatics - ICI Bucharest, the Euro-Atlantic Resilience Center, the Romanian Banking Institute, the European Institute of Romania, the Romanian Institute of Financial Studies, to the universities involved including the National University of Science and Technology POLITEHNICA Bucharest, “Alexandru Ioan Cuza” Police Academy, “Carol I” National Defense University a.o., as well as to all the other organizations and companies involved in this important area participating in the conference, whose names are mentioned on the conference website.

The fact that the work of this conference is taking place at the headquarters of the European Commission Representation in Romania wants to emphasize the importance given by the European Union to cybersecurity issues. Therefore, we would like to thank, once again, the European Commission Representation in Romania for the support provided in the organization of this conference. Our thanks also go to the media partner of this event, the National Press Agency AGERPRES, for the way it reflected RAISA's activities aimed at improving cybersecurity culture in Romania.Special thanks are due to all the important experts in the field who will present their views during the conference and will thus contribute to shaping a realistic picture of the challenges, risks and solutions in the field of cybersecurity, in the very difficult international period we are going through.

In today’s hyperconnected world, cybersecurity has evolved from a technical concern to a foundational pillar of global stability. The modern threat landscape is more complex than ever, shaped by geopolitical tensions, AI-driven attacks, and an expanding digital ecosystem that blurs the line between personal, corporate, and national security.

It is important to note that, in the current complicated international circumstances, the North Atlantic Treaty Organization (NATO) treats cybersecurity as a core element of its collective defense and deterrence strategy. As we navigate 2025, organizations face a dual challenge: defending against increasingly sophisticated adversaries while maintaining trust, privacy, and operational resilience.

The rise of generative AI, deepfake technology, and quantum computing threats is redefining what it means to be “secure.” Meanwhile, human factors - awareness, behavior, and ethics - remain the most critical layer of defense. The path forward demands collaboration, transparency, and continuous innovation. Cybersecurity is no longer just an IT issue - it’s a shared responsibility across sectors, governments, and individuals. Together, we must shift from reactive defense to proactive resilience, building a safer digital future for all.

The Romanian Association for Information Security Assurance (RAISA) - the main organizer of this conference - is a professional, nonprofit and public benefit association, founded 13 years ago, as an initiative dedicated to disseminating the concept of cybersecurity and fighting against cybercrime. The vision of RAISA is to promote research and education in information security field, to contribute to the creation and dissemination of knowledge and technology in this domain and to create a strong “cybersecurity culture” at national level.

We are aware that the achievement of a strong “cybersecurity culture” can be obtained only through the joint effort of several entities from the public, private and academic sectors. Romania has a very good position in Europe in the field of cybersecurity, and the competence of Romanian specialists in the field is recognized and appreciated. The cooperation of all the factors involved is the key word, if the development of a strong and efficient cybersecurity system is desired at national level.

And conferences like CyberCon Romania can facilitate the exchange of ideas and the establishment of partnerships in this important field. As technology continues to evolve, so do the threats we face - making collaboration and knowledge-sharing more vital than ever. This conference is not only a forum for ideas but also a community dedicated to building a safer, more resilient digital world.

CyberCon Romania 2025 takes place within a managerial part, structured in several panels, and within a scientific part. During the conference, challenges and future changes in the field of cyber-security will be analyzed.

Finally, we would like to thank all the authors who submitted their work, all experts participating in the panels, and all those who contributed to the Conference with their efforts and support. We hope that the CyberCon Romania 2025 Conference will be a both stimulating and enjoyable forum in which to share current results and trends in cybersecurity, to develop new partnerships and we wish it every success.

Let’s make together this conference an inspiring and impactful experience for everyone. More information about CyberCon Romania 2025 can be found on the webpage https://www.cybercon.ro.