Due to technical advancement, Information and Communication Technologies have been a critical part of our life for a while, resulting in better conformity and faster administration. On the other hand, the threat space has expanded with digitalization and become more complicated as an undesired effect of this advancement. Recognizing this fact as an outcome of the Estonian cyberattack campaign, the European Union is consciously strengthening its cyber-defence. However, legislation evolves slowly, so after an eleven-year delay, the Network and Information Security (NIS) Directive came into effect. The NIS Directive made advances to the world of critical infrastructures in the European Union, but on the other hand, threats have evolved, too. From these two threads comes the question of whether the nature of the incidents has changed or not. This work tries to find the answer with a review of publicly available cyber-incidents that occurred in the last ten years, focusing on the European Union, according to Annex II of the NIS Directive. Additionally, it aims to give the basis for a public register regarding the incidents affecting one or more operators of these Essential Services.
The complex relationships of economic actors and the high dependency on information and communication technologies make it necessary for all relevant entities to develop protection. This protection should include preventive and reactive controls in a risk-proportionate manner in relation to the business value protected. We aimed to develop a solution to support cybersecurity-related business decisions with financial analytics. The risk-based approach helps management find the optimum solution with minimal costs, where protection prevents some incidents from occurring, while the risks associated with other incidents are accepted in an informed way. The security industry developed a number of apparatuses to find the optimum security controls that enforced the fiscal aspects, which typically contain solutions used in planning. However, the actual expenditure often differs from the planned budget for several reasons, one of which is the occurrence of security incidents. We used the comm...
An unfortunate corollary of consumer society is a wasteful lifestyle, the extent of which is also significant in the use of information technologies. This article presents and analyses the results of primary research conducted among Hungarian university students on the relationship between informatics and the environment and on IT security, with particular focus on sustainability-related attitudes in the selection, purchase, and use of IT devices.
In the current social and economic processes, information and communication services play a decisive role, changing several entities’ operations. The growing dependence that has developed over the last two decades turned security needs into political will, which has resulted in an iterative evolution of the regulatory environment. Hence, the legal framework requires that several entities develop protection that includes both preventive and reactive controls in a risk-proportionate manner, in line with the business value to be protected. Nevertheless, due to the nature of cybersecurity, the development of such capabilities is not the task of a single organisation but of all entities involved in cyberspace, including, e.g., individuals, non-profit and for-profit organisations, and public sector actors. Therefore, each involved entity should design protection capabilities in a risk-proportionate manner, which requires strategic approaches and tools and requires organisations to lear...
The information society is a complex network of interconnected public and private entities and human beings. Many of them choose a certain level of technological development from the generally available solutions to support internal processes attaining objectives that support operations, creating technological dependence via internal or external services of the information and communication technologies (ICTs). Due to the technological development and technological dependence caused by ICTs, a society-wide political need has arisen for tackling security requirements for cyberspace in several sectors to satisfy the individuals’ needs that directly or indirectly define the requirements for such services, resulting in a complex ecosystem with several participants. Although the European Union has formulated some crucial rules via regulations and directives with which it increasingly defined cybersecurity stakeholders from time to time, there are several missing affected parties. This pa...
Computer networks are usually modelled from one aspect, e.g., the physical layer of the network, although this does not allow the researcher to understand all usage of that device. We aim to develop a model which leverages all aspects of a networked computer and, therefore, provides complete information to the scientist for all further security research, especially that related to the social sciences. Network science is about the analysis of any network, from social to protein. It is much easier to analyse computer networks with technical tools than protein networks. It is, therefore, a straightforward way to crawl the web as Albert-Laszlo Barabasi did to model its connections, nodes, and links in graph theory to analyse its internal connections. His analysis was based solely on the network layer. Our methodology uses graph theory and network science and integrates all ISO/OSI (computer networking) layers into the model. Each layer of the ISO/OSI model has its topology separately, but all of them also work as part of the complex system to operate the network. It therefore creates a multipartite graph of the network under analysis. Furthermore, the virtual private networks (VPNs) and application usage are also integrated as nodes and links. With this model, the computer network infrastructure and usage data can be used for further non-computing related research, e.g., social science research, as it includes the usage patterns of the network users.
Botnets, the remotely controlled networks of computers with malicious aims, have significantly affected the international order from Ukraine to the United States in recent years. Disruptive software, such as malware, ransomware, and disruptive services, provided by those botnets has many specific effects and properties. Therefore, it is paramount to improve the defences against them. To tackle botnets more or less successfully, one should analyse their code, communication, kill chain, and similar technical properties. However, according to the Business Model for Information Security, besides technological attributes, there is also a human and organisational aspect to their capabilities and behaviour. This paper aims to identify the aspects of different attacks and present an analysis framework to identify botnets' technological and human attributes. After researching the literature and evaluating our previous findings in this research project, we formed a unified framework for the human-organisational classification of botnets. We tested the defined framework on five botnet attacks, presenting them as case studies. The chosen botnets were ElectrumDoSMiner, Emotet, Gameover Zeus, Mirai, and VPNFilter. The focus of the comparison was motivation, the applied business model, willingness to cooperate, capabilities, and the attack source. For defending entities, reaching the target state of defending capabilities is impossible with a one-time development due to the dynamic behaviour of cyberspace and botnets. Therefore, one has to develop cyberdefence and conduct threat intelligence on botnets using a methodology such as that presented in this paper. This framework comprises people and technological attributes according to the BMIS model, providing the defender with a standard way of classification.
2020 IEEE 3rd International Conference and Workshop in Óbuda on Electrical and Power Engineering (CANDO-EPE), 2020
Due to technical advancement, Information and Communication Technologies have been a critical part of our life for a while, resulting in better conformity and faster administration. On the other hand, the threat space has expanded with digitalization and become more complicated as an undesired effect of this advancement. Recognizing this fact as an outcome of the Estonian cyberattack campaign, the European Union is consciously strengthening its cyber-defence. However, legislation evolves slowly, so after an eleven-year delay, the Network and Information Security (NIS) Directive came into effect. The NIS Directive made advances to the world of critical infrastructures in the European Union, but on the other hand, threats have evolved, too. From these two threads comes the question of whether the nature of the incidents has changed or not. This work tries to find the answer with a review of publicly available cyber-incidents that occurred in the last ten years, focusing on t...
Papers by Zsolt Bederna