fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Niemel\u00e4, Mikko S.", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Itkonen, Juuso", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-06-02T06:54:13Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-06-02T06:54:13Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/81419", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4 tutkielma k\u00e4sittelee pime\u00e4\u00e4 verkkoa ja sielt\u00e4 organisaatioille nousevia uhkia. Pime\u00e4n verkon tutkimisella voidaan kasvattaa ymm\u00e4rryst\u00e4 kyberrikollisten toimintatavoista ja saada kyberuhkatietoa. Tavoitteena oli selvitt\u00e4\u00e4, millaisia uhkia pime\u00e4st\u00e4 verkosta nousee organisaatioille ja miten niihin voisi varautua. Mahdollisesti saatavalla kyberuhkatiedolla voitaisiin varautua ennakoivammin erilaisiin kyberuhkiin ja hy\u00f6kk\u00e4yksiin.\n\nPime\u00e4n verkon teknologiaksi rajattiin Tor-verkko, koska se on k\u00e4ytetyin teknologia. Tutkimusstrategiana oli tapaustutkimus ja tapauksena Nasdaq Helsinki listatut yhti\u00f6t sek\u00e4 niihin liittyvien verkkotunnuksien perusteella l\u00f6ydetyt uhkaavat asiat pime\u00e4st\u00e4 verkosta. Tutkimuskysymykseen siit\u00e4, miten organisaatiot voivat varautua pime\u00e4st\u00e4 verkosta nouseviin uhkiin, pyrittiin hakemaan vastausta. T\u00e4h\u00e4n kysymykseen vastaamiseksi l\u00e4hdettiin kartoittamaan, mit\u00e4 organisaatioista l\u00f6ytyneist\u00e4 tiedoista voitaisiin hy\u00f6dynt\u00e4\u00e4 kyberhy\u00f6kk\u00e4yksiss\u00e4 tai kertovatko l\u00f6yd\u00f6kset suoraan meneill\u00e4\u00e4n olevasta uhkaavasta toiminnasta. Lis\u00e4ksi kartoitettiin lievennyskeinoja l\u00f6yd\u00f6ksiin liittyviin uhkiin. Hy\u00f6kk\u00e4ystekniikoita ja -kuvioita sek\u00e4 lievennyskeinoja kartoitettiin MITRE ATT&CK viitekehyst\u00e4 ja MITRE CAPEC katalogia vasten siell\u00e4 miss\u00e4 se oli mahdollista. My\u00f6s CIS Controls kontrollit kartoitettiin tunnistettuihin kyberhy\u00f6kk\u00e4ysmenetelmiin soveltuvin osin.\n\nErityisesti vuodettuihin salasanoihin liittyvi\u00e4 l\u00f6yd\u00f6ksi\u00e4 ilmeni Nasdaq Helsinki tapauksessa. N\u00e4it\u00e4 voidaan k\u00e4ytt\u00e4\u00e4 valtuuttamattomaan p\u00e4\u00e4syyn palveluihin, jos my\u00f6s k\u00e4ytt\u00e4j\u00e4tunnus ja kohdej\u00e4rjestelm\u00e4 tunnetaan. T\u00e4m\u00e4n tutkimuksen pohjalta voidaan todeta, ett\u00e4 pime\u00e4st\u00e4 verkosta saatavalla kyberuhkatiedolla on merkityst\u00e4. N\u00e4ill\u00e4 tiedoilla olisi mahdollista suojautua ennakoivammin kyberrikollisuutta vastaan. Organisaatioiden tulisikin hy\u00f6dynt\u00e4\u00e4 kyberuhkatietoja suojautuakseen paremmin mahdollisilta kyberuhkilta ja -hy\u00f6kk\u00e4yksilt\u00e4. Jos ei tied\u00e4 mille uhkille altistuu, niin niilt\u00e4 voi olla hankala suojautua.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This study examines the dark web and emerging threats to organizations from there. It is possible to acquire cyber threat intelligence and a greater understanding of cybercriminal practices by conducting research on the dark web. The objective was to determine what kind of threats emerge from the dark web and how organizations can prepare for them. The possibly available intelligence on cyber threats could be used for more proactive preparation against various cyber threats and attacks.\n\nBecause Tor is the most used technology, it is used to represent the darknet. The research methodology consisted of a case study. The issue involved Nasdaq Helsinki and the associated surface exposures that were discovered using the domain names of the listed companies. It was attempted to answer the research question of how organizations may prepare for increasing threats from the dark web. In order to address this issue, mapping began to determine if the discovered information on the organizations may be used in cyberattacks or if the discoveries directly indicate the existence of ongoing threatening activities. In addition, mitigation actions for the identified threats were identified. Whenever possible, attack techniques and patterns as well as mitigation measures were mapped to the MITRE ATT&CK and MITRE CAPEC frameworks. When applicable, CIS Controls were also mapped to identified cyber-attack techniques.\n\nIn the instance of Nasdaq Helsinki, findings relating to password leaks were very prominent. If the username and target system are known, these can be used to gain unauthorized access to the services. On the basis of this investigation, it is possible to conclude that cyber threat intelligence collected from the dark web is significant. This information would allow for more proactive defense against cybercrime. Therefore, organizations should utilize cyber threat intelligence to protect themselves from future cyberattacks. If you are unaware of the threats you face, it can be difficult to protect yourself from them.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2022-06-02T06:54:13Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-06-02T06:54:13Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "65", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "cyber threat intelligence", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "the dark web", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "attack techniques", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "mitigations", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "How organizations can prepare for emerging threats from the dark web", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202206023041", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietotekniikka", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Mathematical Information Technology", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "602", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Tor-verkko", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "anonyymiverkot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Tor (anonymity networks)", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "anonymity networks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber attacks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|