Cyber-security

One focus of my research is on the application of game theory and behavioural economics to issues in cyber-security. I was involved in two large inter-disciplinary projects on ransomware - a form of malware that encrypts a victim's files and asks for a ransom to restore access to those files. I was also involved with a Home Office funded project on improving cyber behaviour in small organisations led by Anna Cartwright. Currently, I am involved in a project on evaluating the ransom threat to Ethereum 2.0, and a further project looking at the relationship between insurance and ransomware. Details of funded projects are below.

Recent papers:

Cartwright, A., Cartwright, E. and Edun, E. S. (2023). Cascading information on best practice: Cyber security risk management in UK micro and small businesses and the role of IT companies. Computers and Security.

Mott, G., Turner, S., Nurse, J.R., MacColl, J., Sullivan, J., Cartwright, A. and Cartwright, E. (2023). Between a rock and a hard (ening) place: Cyber insurance in the ransomware era. Computers & Security, 128, p.103162. 

Cartwright, A., Cartwright, E., MacColl, J., Mott, G., Turner, S., Sullivan, J. and Nurse, J.R., (2023). How cyber insurance influences the ransomware payment decision: theory and evidence. The Geneva Papers on Risk and Insurance-Issues and Practice, 48(2), pp.300-331. 

Cartwright, A. & Cartwright, E. (2023). The Economics of ransomware attacks on integrated supply chain networks. Digital Threats: Research and Practice. 

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2023). Identifying Incentives for Extortion in Proof of Stake Consensus Protocols. In The International Conference on Deep Learning, Big Data and Blockchain (pp. 109-118). Springer, Cham.

Cartwright, A., Cartwright, E., Xue, L., and Hernandez-Castro, J. (2022). An investigation of individual willingness to pay ransomware. Journal of Financial Crime (available online).

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2022). Extortion of a Staking Pool in a Proof-of-Stake Consensus Mechanism. In 2022 IEEE International Conference on Omni-layer Intelligent Systems (COINS) (pp. 1-6). IEEE.

Hernandez-Castro, J., Cartwright, E., & Stepanova, A. (2020). Economic Analysis of Ransomware and its welfare consequences. Royal Society Open Science.

Cartwright, A., E. Cartwright and L. Xue (2019). Investing in prevention or paying for recovery. GameSec2019, Lecture Notes in Computer Science.

Cartwright, A. & Cartwright, E. (2019). Ransomware and Reputation. Games.

Cartwright, E., Hernandez-Castro, J., & Stepanova, A. (2019). To pay or not: Game theoretic models of ransomware. Journal of Cybersecurity.

Ransomware - The role of cyber-insurance

‘Ransomware: The Role of Cyber Insurance’ (RaCI) is a multidisciplinary research project between RUSI (Royal United Services Institute), the University of Kent, De Montfort University and Oxford Brookes University. The project seeks to understand the role of cyber insurance in handling the challenges posed by ransomware and the impact on how governments, law enforcement and the insurance industry tackle ransomware.

The ransom and extortion threat on Ethereum 2.0 - Ethereum Foundation

Consensus algorithms are at the core of what makes cryptocurrencies decentralised. They facilitate agreement between millions of users worldwide on topics such as the playing rules of a given chain or a smart contract. Ethereum 2.0 uses a proof-of-stake (PoS) consensus mechanism. This crucially depends on financial incentives to ensure that validators perform certain duties and do not act maliciously. Should a validator attempt to defraud the system, legitimate validators will identify this and staked cryptocurrency is 'burned' through a process of slashing.

In this project, we show that an attacker who has compromised a set of validators could threaten to perform malicious actions that would result in slashing, and, thus, hold those validators to ransom. We use game theory to study three strategies where an attacker can deploy a smart contract, and it is in the interests of the validators to fully pay the ransom. The possibility of such attacks could be somewhat disruptive to Ethereum 2.0 and, likely, to many other PoS networks. We also considered and evaluated potential mitigation measures.

This project was joint with Anna Cartwright and Julio Hernandez-Castro, with the support of Alpesh Bhudia and Darren Hurley-Smith.

Cyber-security health checks for micro organisations - Home Office Project

This project investigated how to improve cyber-security in micro businesses (fewer than 10 employees) and charities. The focus was on the human aspects of cyber-security and the barriers that small organizations face in adopting cyber best practice. As part of the project, small organizations were able to complete a cyber-security health check with KITC Solutions (the University of Kent student-led IT consultancy). The health check was built around the NCSC Small Business Guide. At the end of the health check we trialled an intervention designed to help overcome procrastination.

Before and 3 months after the health check the participants were surveyed about cyber behavior in their organization. This allows exploration of the effect of the health-check and intervention. As part of the project a typology of small business behavior was developed, which also considers how amenable businesses might be to cyber advice and the adoption of behavioural tools to overcome procrastination. 

The project involved co-ordination with the regional cyber protect officers in Kent and Leicester, as well as regional business and charity support organisations.

EMPHASIS - EconoMical, PsycHologicAl and Societal Impact of RanSomware   

This project, funded by the Engineering and Physical Sciences Research Council, focused on the threat of ransomware. This specific strand of malware has become more prevalent in recent years, when cybercriminals realised they could easily and quickly cash in by holding citizens, SMEs, banks and critical infrastructure organisations (such as utility companies, police and hospitals) to ransom, often with the threat of data loss or data release (blackmail). At the same time ransomware has experienced a significant evolution, with the threat becoming increasingly complex and powerful while also incorporating psychological and sociological tricks to increase the likelihood of victims complying. Such tricks include a countdown timer leading to a complete deletion of the victims’ data if they fail to comply, or a threat to embarrass the victim by releasing embarrassing information (real or not).

We advanced the knowledge and understanding of ransomware on a number of different but complementary dimensions.

From the economic point of view, we studied how ransomware works as a business operation, what the critical parameters for its success are, where its weak points are, and how we can use them to evaluate the associated risks and threat levels and, eventually, to fight against ransomware operations or at least limit their profitability.

On profiling, we explored whether we can profile the cybercriminals behind the development and exploitation of ransomware, and also their victims. This can help both the police and other law enforcement agencies to act against the cybercriminals more effectively. Victim profiling will also help us understand better what personality, psychological, economic and societal traits can predict a greater victimisation risk, and recommend strategies and targeted actions to reduce their exposure.

We also aimed to have an impact on the perception of citizens, SMEs and other end-users of the increasing risks involved in falling prey to ransomware, and on how to provide an adequate response to those risks. To address this, we developed and widely disseminated advice on how to act in the case of a ransomware infection, to fully inform victims about the best and most responsible course of action.

Read more at www.emphasis.ac.uk and @EMPHASISRansom

RAMSES – Internet forensic platform for tracking the money flow of financially-motivated malware 

The overall objective of the project, funded by the European Union’s Horizon2020, was to design and develop a holistic, intelligent, scalable and modular platform for Law Enforcement Agencies (LEAs) to facilitate digital forensic investigations. The system will extract, analyse, link and interpret information from the Internet related to financially-motivated malware.

Customers, developers and malware victims were included in order to obtain a better understanding of how and where malware is spread and to get to the source of the threat. To achieve these ambitious objectives, this project used disruptive Big Data technologies, first to extract and store data, and second to look for patterns of fraudulent behaviour in enormous amounts of unstructured and structured data. We focussed on two case studies: ransomware and banking Trojans.

In order to do this, RAMSES brought together the latest technologies to develop an intelligent software platform, combining scraping of the public and deep web, detection of manipulation and steganalysis for images and videos, tracking of malware payments, extraction and analysis of malware samples, and Big Data analysis and visualization tools.

Read more at https://ramses2020.eu/ and @RamsesEU