A Comprehensive Study on Phishing Attack Detection and Mitigation via Ransomware-as-a-Service (RAAS)
Abstract
Ransomware-as-a-Service (RAAS), a new cybercriminal actor, is making ransomware attacks more potent and widespread. This research comprehensively assesses Ransomware-as-a-Service (RAAS) ecosystem phishing detection and prevention solutions. Seven studies compare RAAS-enabled phishing detection and prevention effectiveness, challenges, and trends. The findings recommend a multi-layered, context-aware approach for organizational resilience to shifting cyber threats. This thorough phishing attack detection and security study examines ransomware-as-a-service. Phishing attacks leverage human weaknesses to steal sensitive data and are becoming more sophisticated. Since RAAS makes ransomware attacks easier, even non-technical people may launch deadly ones. Money is making ransomware assaults more common and severe, putting people, organizations, and key infrastructure at risk. These new attacks must be detected and mitigated to safeguard digital assets. This study compares RAAS ecosystem phishing attack defence detection and mitigation technologies to identify strengths, weaknesses, and emerging trends.
References
J. Zhang and D. Tenney, “The Evolution of Integrated Advance Persistent Threat and Its Defense Solutions: A Literature Review,” Open Journal of Business and Management, vol. 12, no. 1, pp. 293–338, Dec. 2023.
S. Morgan, “Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031,” Cybercrime Magazine, Jun. 01, 2021. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/
A.K. Jain and B.B. Gupta, “A survey of phishing attack techniques, defence mechanisms and open research challenges,” Enterprise Information Systems, vol. 16, no. 4, pp. 1–39, Mar. 2021.
D.P.F. Möller, “Cyberattacker Profiles, Cyberattack Models and Scenarios, and Cybersecurity Ontology,” Advances in information security, pp. 181–229, Jan. 2023.
Cong, Lin and Grauer, Kimberly and Rabetti, Daniel and Updegrave, Henry, The Dark Side of Crypto and Web3: Crypto-Related Scams (February 14, 2023). Available at SSRN: https://ssrn.com/abstract=4358572
Buerkle, Achim, William Eaton, Ali Al-Yacoub, Melanie Zimmer, Peter Kinnell, Michael Henshaw, Matthew Coombes, Wen-Hua Chen, and Niels Lohse. "Towards industrial robots as a service (IRaaS): Flexibility, usability, safety and business models." Robotics and Computer-Integrated Manufacturing 81 (2023) 102484.
Axon, Louise, Arnau Erola, Ioannis Agrafiotis, Ganbayar Uuganbayar, Michael Goldsmith, and Sadie Creese. "Ransomware as a Predator: Modelling the Systemic Risk to Prey." Digital Threats: Research and Practice 4, no. 4 (2023): 1-38.
P.H. Meland, Y.F.F. Bayoumy, and G. Sindre, “The Ransomware-as-a-Service economy within the darknet,” Computers & Security, vol. 92, pp. 101762, May 2020.
T. McIntosh, A.S.M. Kayes, Y.P.P. Chen, A. Ng, and P. Watters, “Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions,” ACM Computing Surveys, vol. 54, no. 9, pp. 1–36, Dec. 2022.
Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Frontiers in Computer Science, vol. 3, no. 1, Mar. 2021.
T. Stojnic, D. Vatsalan, and N. A. G. Arachchilage, “Phishing email strategies: Understanding cybercriminals’ strategies of crafting phishing emails,” Security and Privacy, vol. 4, no. 5, May 2021.
Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Frontiers in Computer Science, vol. 3, no. 1, Mar. 2021.
K.F. Steinmetz, A. Pimentel, and W.R. Goe, “Performing social engineering: A qualitative study of information security deceptions,” Computers in Human Behavior, vol. 124, pp. 106930, Nov. 2021.
Goenka, Richa, Meenu Chawla, and Namita Tiwari. "A comprehensive survey of phishing: Mediums, intended targets, attack and defence techniques and a novel taxonomy." International Journal of Information Security 23, no. 2 (2024): 819-848.
Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Frontiers in Computer Science, vol. 3, no. 1, Mar. 2021.
R. A. M. Lahcen, B. Caulkins, R. Mohapatra, and M. Kumar, “Review and insight on the behavioral aspects of cybersecurity,” Cybersecurity, vol. 3, no. 1, Apr. 2020.
J.W. Bullee and M. Junger, “How effective are social engineering interventions? A meta-analysis,” Information & Computer Security, vol. 28, no. 5, pp. 801–830, Aug. 2020.
A. Shaji. George, A.S. Hovan. George, and T. Baskar, “Digitally Immune Systems: Building Robust Defences in the Age of Cyber Threats,” Zenodo (CERN European Organization for Nuclear Research), vol. 1, no. 4, Aug. 2023.
N. Saxena, E. Hayes, E. Bertino, P. Ojo, K.K.R. Choo, and P. Burnap, “Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses,” Electronics, vol. 9, no. 9, pp. 1460, Sep. 2020.
A.K. Jain and B.B. Gupta, “A survey of phishing attack techniques, defence mechanisms and open research challenges,” Enterprise Information Systems, vol. 16, no. 4, pp. 1–39, Mar. 2021.
A.G. Martín, A. Fernández-Isabel, I. Martín de Diego, and M. Beltrán, “A survey for user behavior analysis based on machine learning techniques: current models and applications,” Applied Intelligence, vol. 51, Jan. 2021.
O. Kayode-Ajala, “Applying Machine Learning Algorithms for Detecting Phishing Websites: Applications of SVM, KNN, Decision Trees, and Random Forests,” International Journal of Information and Cybersecurity, vol. 6, no. 1, pp. 43–61, Mar. 2022.
Z. Zhang, H.A. Hamadi, E. Damiani, C.Y. Yeun, and F. Taher, “Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research,” IEEE Access, vol. 10, pp. 93104–93139, 2022.
A. Sumner, X. Yuan, M. Anwar, and M. McBride, “Examining Factors Impacting the Effectiveness of Anti-Phishing Trainings,” Journal of Computer Information Systems, pp. 1–23, Aug. 2021.
G. Desolda, L.S. Ferro, A. Marrella, T. Catarci, and M.F. Costabile, “Human Factors in Phishing Attacks: A Systematic Literature Review,” ACM Computing Surveys, vol. 54, no. 8, pp. 1–35, Nov. 2022.
P. Mange, A. Lule, and R. Savant, “Advanced Spam Email Detection using Machine Learning and Bio-Inspired Meta-Heuristics Algorithms,” International Journal of Intelligent Systems and Applications in Engineering, vol. 12, no. 4s, pp. 122–135, 2024.
S. C. Sethuraman, D. P. V. S, T. Reddi, M. S. T. Reddy, and M. K. Khan, “A comprehensive examination of email spoofing: Issues and prospects for email security,” Computers & Security, vol. 131, p. 103600, Nov. 202.
T. Suleski, M. Ahmed, W. Yang, and E. Wang, “A Review of multi-factor Authentication in the Internet of Healthcare Things,” Digital Health, vol. 9, no. 1, May 2023.
K. Mahmood, W. Akram, A. Shafiq, I. Altaf, M.A. Lodhi, and S.H. Islam, “An enhanced and provably secure multi-factor authentication scheme for Internet-of-Multimedia-Things environments,” Computers & Electrical Engineering, vol. 88, p. 106888, Dec. 2020.
M.A. Kafi and T. Adnan, "Empowering Organizations through IT and IoT in the Pursuit of Business Process Reengineering: The Scenario from the USA and Bangladesh," Asian Business Review, vol. 12, no. 3, pp. 67–80, Dec. 2022.
P.H. Meland, Y.F.F. Bayoumy, and G. Sindre, “The Ransomware-as-a-Service economy within the darknet,” Computers & Security, vol. 92, pp. 101762, May 2020.
A. Basit, M. Zafar, X. Liu, A.R. Javed, Z. Jalil, and K. Kifayat, “A comprehensive survey of AI-enabled phishing attacks detection techniques,” Telecommunication Systems, vol. 76, no. 1, Oct. 2020.
D. Jampen, G. Gür, T. Sutter, and B. Tellenbach, “Don’t click: towards an effective anti-phishing training. A comparative literature review,” Human-centric Computing and Information Sciences, vol. 10, no. 1, Aug. 2020.
N.Q. Do, A. Selamat, O. Krejcar, E. Herrera-Viedma, and H. Fujita, “Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions,” IEEE Access, pp. 1–1, 2022.
M. Ifeanyi Akazue, A. Adimabua Ojugo, R. Elizabeth Yoro, B. Ogheneovo Malasowe, and O. Nwankwo, “Empirical evidence of phishing menace among undergraduate smartphone users in selected universities in Nigeria,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 28, no. 3, pp. 1756, Dec. 2022.
T. Gangavarapu, C.D. Jaidhar, and B. Chanduka, “Applicability of machine learning in spam and phishing email filtering: review and approaches,” Artificial Intelligence Review, vol. 53, Feb. 2020.
A. El Aassal, S. Baki, A. Das, and R.M. Verma, “An In-Depth Benchmarking and Evaluation of Phishing Detection Research for Security Needs,” IEEE Access, vol. 8, pp. 22170–22192, 2020.
Djeki, Essohanam, Jules Dégila, and Muhtar Hanif Alhassan. "Reimagining Authentication: A User-Centric Two-Factor Authentication with Personalized Image Verification." In 2024 ASU International Conference in Emerging Technologies for Sustainability and Intelligent Systems (ICETSIS), pp. 281-285. IEEE, 2024.
Gurukala, Neel Kumar Yadav, and Deepak Kumar Verma. "Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection." SN Computer Science 5, no. 8 (2024): 1-18.
M. Al-Hawawreh, M. Alazab, M.A. Ferrag, and M.S. Hossain, “Securing the Industrial Internet of Things against ransomware attacks: A comprehensive analysis of the emerging threat landscape and detection mechanisms,” Journal of Network and Computer Applications, vol. 223, pp. 103809, Mar. 2024.
Jalil, Sajjad, Muhammad Usman, and Alvis Fong. "Highly accurate phishing URL detection based on machine learning." Journal of Ambient Intelligence and Humanized Computing 14, no. 7 (2023): 9233-9251.
J. Zhang and D. Tenney, “The Evolution of Integrated Advance Persistent Threat and Its Defense Solutions: A Literature Review,” Open Journal of Business and Management, vol. 12, no. 1, pp. 293–338, Dec. 2023.
S.K. Hassan and A. Ibrahim, “The role of Artificial Intelligence in Cyber Security and Incident Response”, International Journal for Electronic Crime Investigation, vol. 7, no. 2, Jul. 2023.
A.V. ANDRIU, “Adaptive Phishing Detection: Harnessing the Power of Artificial Intelligence for Enhanced Email Security,” Romanian Cyber Security Journal, vol. 5, no. 1, pp. 3–9, May 2023.
Y. R. Siwakoti, M. Bhurtel, D. B. Rawat, A. Oest, and R. Johnson, “Advances in IoT security: Vulnerabilities, enabled criminal services, attacks and countermeasures,” IEEE Internet of Things Journal, vol. 10, no. 13, pp. 1–1, 2023.
M. Humayun, N. Tariq, Majed Alfayad, Muhammad Zakwan, Ghadah Alwakid, and M. Assiri, “Securing the Internet of Things in Artificial Intelligence Era: A Comprehensive Survey,” IEEE access, pp. 1–1, Jan. 2024.
M. Javed, M.J. Mannan., "Securing smart healthcare cyber-physical systems against blackhole and greyhole attacks using a blockchain-enabled gini index framework," Sensors, vol. 23, no. 23, pp. 9372, 2023.
M. Hassan, "Gitm: A gini index-based trust mechanism to mitigate and isolate sybil attack in rpl-enabled smart grid advanced metering infrastructures," IEEE Access, vol. 11, pp. 62697–62720, 2023.
U. Farooq, Muhammad Asim, Noshina Tariq, Thar Baker, Ali Ismail Awad, "Multi-mobile agent trust framework for mitigating internal attacks and augmenting RPL security," Sensors, vol. 22, no. 12, pp. 4539, 2022.
