Catalogue Search | MBRL
30,903 result(s) for "Cyber threats"
Cyber threat assessment and management for securing healthcare ecosystems using natural language processing
by Silvestri, Stefano; Islam, Shareful; Papastergiou, Spyridon
in Action, Action control, Biomedical engineering
2024
The healthcare sectors have constantly faced significant challenges due to the rapid rise of cyber threats. These threats can pose any potential risk within the system context and disrupt the critical healthcare service delivery. It is therefore necessary for the healthcare organisations to understand and tackle the threats to ensure overall security and resilience. However, threats are continuously evolving and there is a large amount of unstructured security-related textual information available. This makes the threat assessment and management task very challenging. There are a number of existing works that consider Machine Learning models for detection and prediction of cyber attacks, but they lack focus on Natural Language Processing (NLP) to extract the threat information from unstructured security-related text. To this end, this work proposes a novel method to assess and manage threats by adopting natural language processing. The proposed method has been tailored for the healthcare ecosystem and makes it possible to identify and assess the possible threats within healthcare information infrastructure so that appropriate control and mitigation actions can be taken into consideration to tackle the threat. In detail, NLP techniques are used to extract the useful threat information related to specific assets of the healthcare ecosystems from the largely available security-related information on the Internet (e.g. cyber security news), to evaluate the level of the identified threats and to select the required mitigation actions. We have performed experiments on real healthcare ecosystems in Fraunhofer Institute for Biomedical Engineering, considering in particular three different healthcare scenarios, namely implantable medical devices, wearables, and biobank, with the purpose of demonstrating the feasibility of our approach, which is able to provide a realistic manner to identify and assess the threats, evaluate the threat level and suggest the required mitigation actions.
Journal Article
Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem
by Papanikolaou, Alexandros; Katos, Vasilios; Kritsas, Antonios
in Analysis, Automation, Computer crimes
2020
Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats.
Journal Article
An autoML network traffic analyzer for cyber threat detection
by Papanikolaou, Alexandros; Demertzis, Konstantinos; Alevizopoulos, Aggelos
in Communications traffic, Cybersecurity, Data processing
2023
Timely detection and effective treatment of cyber-attacks for protecting personal and sensitive data from unauthorized disclosure constitute a core demand of citizens and a legal obligation of organizations that collect and process personal data. SMEs and organizations understand their obligation to comply with GDPR and protect the personal data they have in their possession. They invest in advanced and intelligent solutions to increase their cybersecurity posture. This article introduces a ground-breaking Network Traffic Analyzer, a crucial component of the Cyber-pi project's cyber threat intelligent information sharing architecture (CTI2SA). The suggested system, built on the Lambda (λ) architecture, enhances active cybersecurity approaches for traffic analysis by combining batch and stream processing to handle massive amounts of data. The Network Traffic Analyzer's core module has an automatic model selection mechanism that selects the ML model with the highest performance among its rivals. The goal is to keep the architecture's overall threat identification capabilities functioning effectively.
Journal Article
Promoting research on cyber threat intelligence sharing in ecosystems
2025
In today’s hyper-connected world, sharing cyber threat intelligence (CTI) is essential for strengthening collective defenses against an ever-evolving landscape of cyber threats. While most cybersecurity professionals acknowledge its importance, many believe their organizations could improve CTI sharing, highlighting ongoing challenges in translating recognition into practice. CTI sharing remains one of the most complex and underdeveloped areas of cybersecurity strategy, with challenges that extend far beyond the technology realm, exacerbated by the absence of a universally accepted definition of CTI, incompatible platforms, and multiple interpretations of trust related to sharing. Theoretical frameworks such as the economics of information exchange and human-to-technology trust that work well for explaining other forms of information sharing, fall short in comprehensively explaining the challenges of CTI sharing. This perspective calls for an expanded research agenda to uncover the underlying barriers to and enablers of CTI sharing. We highlight the unique nature of CTI, where the fusion of raw threat data with human insight distinguishes it from other forms of information exchange, complicating traditional models of data sharing. We develop our perspective beyond existing paradigms, informed by our theoretical repertoires and insights from forty interviewed cybersecurity professionals, to propose a structured approach toward evaluating CTI sharing. We conclude by presenting a conceptual framework that identifies ten factors shaping CTI sharing outcomes and offer a research agenda to advance the CTI sharing research and practice.
Journal Article
Cyber Threat Actors for the Factory of the Future
by Sailio, Mirko; Szanto, Alexander; Latvala, Outi-Marja
in Computer hackers, Control, corporate cyber espionage
2020
The increasing degree of connectivity in factory of the future (FoF) environments, with systems that were never designed for a networked environment in terms of their technical security nature, is accompanied by a number of security risks that must be considered. This leads to the necessity of relying on risk assessment-based approaches to reach a sufficiently mature cyber security management level. However, the lack of common definitions of cyber threat actors (CTA) poses challenges in untested environments such as the FoF. This paper analyses policy papers and reports from expert organizations to identify common definitions of CTAs. A significant consensus exists only on two common CTAs, while other CTAs are often either ignored or overestimated in their importance. The identified motivations of CTAs are contrasted with the specific characteristics of FoF environments to determine the most likely CTAs targeting FoF environments. Special emphasis is given to corporate competitors, as FoF environments probably provide better opportunities than ever for industrial espionage if they are not sufficiently secured. In this context, the study aims to draw attention to the research gaps in this area.
Journal Article
MECHANISM FOR INFORMATION SUPPORTING THE FINANCIAL AND ECONOMIC SECURITY OF INFORMATION AND TELECOMMUNICATION ENTERPRISES UNDER THE INFLUENCE OF MODERN CYBER THREATS
by Batiuk, Oleg; Burnatnyi, Vitalii; Kryshtanovych, Myroslav
in Business metrics, Cybersecurity, Delphi method
2024
The main purpose of the article is to develop a modern mechanism for information support of financial and economic security under the influence of the most significant cyber threats. As part of the study, the importance and weight of this type of threat to financial and economic security as a cyberspatial action has been proven. The object of the study is open socio-economic systems engaged in information and telecommunications activities on the territory of Ukraine under martial law. It is substantiated that in a state of war, the increased influence of modern cyber threats significantly reduces the level of financial and economic security. The research methodology involves the use of a diverse number of methods, the main of which are: the method of system analysis, expert analysis, the Delphi method, modelling and the analytical-hierarchical process. As a result of the study, changes were identified in the dynamics of key performance indicators of institutions in the field of information and telecommunication services, which have a direct impact on ensuring financial and economic security. The need to improve information support in order to improve the level of security has been proven. A modern mechanism for information support of financial and economic security has been developed, which, unlike similar ones, focuses on the principles of countering cyber threats. The key most significant cyber threats to institutions in the field of information and telecommunication services today, under martial law, have been identified. Their ordering made it possible to better understand which measures should be applied first and which should not. The proposed approach to streamlining cyber threats forms the information basis for effectively ensuring financial and economic security in modern conditions.
Journal Article
A Study on Improving the Automatic Classification Performance of Cybersecurity MITRE ATT&CK Tactics Using NLP-Based ModernBERT and BERTopic Models
2025
Cyber Threat Intelligence (CTI) reports are essential resources for identifying the Tactics, Techniques, and Procedures (TTPs) of hackers and cyber threat actors. However, these reports are often lengthy and unstructured, which limits their suitability for automatic mapping to the MITRE ATT&CK framework. This study designs and compares five hybrid classification models that combine statistical features (TF-IDF), transformer-based contextual embeddings (BERT and ModernBERT), and topic-level representations (BERTopic) to automatically classify CTI reports into 12 ATT&CK tactic categories. Experiments using the rcATT dataset, consisting of 1490 public threat reports, show that the model integrating TF-IDF and ModernBERT achieved a micro-precision of 72.25%, reflecting a 10.07-percentage-point improvement in detection precision compared with the baseline. The model combining TF-IDF and BERTopic achieved a micro F0.5 of 67.14% and a macro F0.5 of 63.20%, demonstrating balanced performance across both frequent and rare tactic classes. These findings indicate that integrating statistical, contextual, and semantic representations can improve the balance between precision and recall while enabling clearer interpretation of model outputs in multi-label CTI classification. Furthermore, the proposed model shows potential applicability for improving detection efficiency and reducing analyst workload in Security Operations Center (SOC) environments.
Journal Article
Visualizing Interesting Patterns in Cyber Threat Intelligence Using Machine Learning Techniques
by Rashid, Zahid; Ejaz, Sarwat; Noor, Umara
in cyber threat actor, Cyber threat intelligence, machine learning
2022
In an advanced and dynamic cyber threat environment, organizations need to yield more proactive methods to handle their cyber defenses. Cyber threat data known as Cyber Threat Intelligence (CTI) of previous incidents plays an important role by helping security analysts understand recent cyber threats and their mitigations. The mass of CTI is exponentially increasing, and most of the content is textual, which makes it difficult to analyze. The current CTI visualization tools do not provide effective visualizations. To address this issue, an exploratory data analysis of CTI reports is performed to dig out and visualize interesting patterns of cyber threats which help security analysts to proactively mitigate vulnerabilities and timely predict cyber threats in their networks.
Journal Article
A Blockchained AutoML Network Traffic Analyzer to Industrial Cyber Defense and Protection
by Papanikolaou, Alexandros; Demertzis, Konstantinos; Alevizopoulos, Aggelos
in Algorithms, Anomalies, Automation
2023
Network traffic analysis can raise privacy concerns due to its ability to reveal sensitive information about individuals and organizations. This paper proposes a privacy-preserving Block-chained AutoML Network Traffic Analyzer (BANTA). The system securely stores network traffic logs in a decentralized manner, providing transparency and security. Differential privacy algorithms protect sensitive information in the network flow logs while allowing administrators to analyze network traffic without the risk of leakages. The BANTA uses blockchain technology, where smart contracts automate the process of network traffic analysis, and a multi-signature system ensures the system’s security, safety, and reliability. The proposed approach was evaluated using a real-world network traffic dataset. The results demonstrate the system’s high accuracy and real-time anomaly detection capabilities, which makes it well-suited for scalable cybersecurity operations. The system’s privacy protection, decentralized storage, automation, multi-signature system, and real-world effectiveness ensure that the organization’s data is private, secure, and effectively protected from cyber threats, which are the most vexing issue of modern cyber-physical systems.
Journal Article
A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions
by Ozkan-Okay, Merve; Yilmaz, Abdullah Asim; Akin, Erdal
in Access control, Anti-virus software, Cloud computing
2023
Internet usage has grown exponentially, with individuals and companies performing multiple daily transactions in cyberspace rather than in the real world. The coronavirus (COVID-19) pandemic has accelerated this process. As a result of the widespread usage of the digital environment, traditional crimes have also shifted to the digital space. Emerging technologies such as cloud computing, the Internet of Things (IoT), social media, wireless communication, and cryptocurrencies are raising security concerns in cyberspace. Recently, cyber criminals have started to use cyber attacks as a service to automate attacks and leverage their impact. Attackers exploit vulnerabilities that exist in hardware, software, and communication layers. Various types of cyber attacks include distributed denial of service (DDoS), phishing, man-in-the-middle, password, remote, privilege escalation, and malware. Due to new-generation attacks and evasion techniques, traditional protection systems such as firewalls, intrusion detection systems, antivirus software, access control lists, etc., are no longer effective in detecting these sophisticated attacks. Therefore, there is an urgent need to find innovative and more feasible solutions to prevent cyber attacks. The paper first extensively explains the main reasons for cyber attacks. Then, it reviews the most recent attacks, attack patterns, and detection techniques. Thirdly, the article discusses contemporary technical and nontechnical solutions for recognizing attacks in advance. Using trending technologies such as machine learning, deep learning, cloud platforms, big data, and blockchain can be a promising solution for current and future cyber attacks. These technological solutions may assist in detecting malware, intrusion detection, spam identification, DNS attack classification, fraud detection, recognizing hidden channels, and distinguishing advanced persistent threats. However, some promising solutions, especially machine learning and deep learning, are not resistant to evasion techniques, which must be considered when proposing solutions against intelligent cyber attacks.
Journal Article