Abstract
Cyber attacks are increasingly menacing businesses. Based on a literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyber attacks in a systematic way. Understanding the specialization, commercialization, and cooperation behind cyber attacks helps us to identify 24 key value-added activities and their relations. These activities can be offered “as a service” for use in a cyber attack. The resulting framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber-immune system, such as targeting cybercrime control points and assigning defense responsibilities to encourage collaboration.
Supplemental Material
Supplemental movie, appendix, image and software files for "Systematically Understanding the Cyber Attack Business: A Survey"
- Kevin Townsend. 2017. Latest WannaCry theory: Currency manipulation. Retrieved from http://www.securityweek.com/latest-wannacry-theory-currency-manipulation.Google Scholar
- Amit Kumar Tyagi and G. Aghila. 2011. A wide scale survey on botnet. Int. J. Comput. Appl. 34, 9 (2011), 975--8887.Google Scholar
- Sun Tzu. 2005. The Art of War. Shambhala Publications.Google Scholar
- Verizon. 2017. 2017 Data Breach Investigations Report. Technical Report. Verizon.Google Scholar
- John Wadleigh, Jake Drew, and Tyler Moore. 2015. The E-commerce market for “lemons”: Identification and analysis of websites selling counterfeit goods. In Proceeddings of the 24th International Conference on World Wide Web. 1188--1197. Google ScholarDigital Library
- Wikileaks. 2017. Vault 7: CIA Hacking Tools Revealed. Retrieved from https://wikileaks.org/ciav7p1/.Google Scholar
- Eric Wustrow and Benjamin VanderSloot. 2016. DDoSCoin: Cryptocurrency with a malicious proof-of-work. In Proceeddings of the USENIX Workshop on Offensive Technologies. Google ScholarDigital Library
- Haitao Xu, Daiping Liu, Haining Wang, and Angelos Stavrou. 2015. E-commerce reputation manipulation: The emergence of reputation-escalation-as-a-service. In Proceedings of the 24th International Conference on World Wide Web. 1296--1306. Google ScholarDigital Library
- Michael Yip, Nigel Shadbolt, and Craig Webber. 2013. Why forums?: An empirical analysis into the facilitating factors of carding forums. In Proceedings of the 5th Annual ACM Web Science. 453--462. Google ScholarDigital Library
- Kim Zetter. 2014. A Google site meant to protect you is helping hackers attack you. Retrieved from https://www.wired.com/2014/09/how-hackers-use-virustotal/.Google Scholar
- Mingyi Zhao, Jens Grossklags, and Peng Liu. 2015. An empirical study of web vulnerability discovery ecosystems. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 1105--1117. Google ScholarDigital Library
- Ziming Zhao, Mukund Sankaran, Gail Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu. 2016. Mules, seals, and attacking tools: Analyzing 12 online marketplaces. IEEE Secur. Priv. 14, 3 (2016), 32--43.Google ScholarDigital Library