survey
Open Access

Systematically Understanding the Cyber Attack Business: A Survey

Published: 06 July 2018

Abstract

Cyber attacks are increasingly menacing businesses. Based on a literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyber attacks in a systematic way. Understanding the specialization, commercialization, and cooperation for cyber attacks helps us to identify 24 key value-added activities and their relations. These can be offered “as a service” for use in a cyber attack. This framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber-immune system, such as targeting cybercrime control points and assigning defense responsibilities to encourage collaboration.


  148. Melvin R. J. Soudijn and Birgit C. H. T. Zegers. 2012. Cybercrime and virtual offender convergence settings. Trends Organ. Crime 15, 2--3 (2012), 111--129.Google ScholarGoogle ScholarCross RefCross Ref
  149. Richard Spinello. 2016. Cyberethics: Morality and Law in Cyberspace. Jones 8 Bartlett Learning.Google ScholarGoogle Scholar
  150. Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, and Nick Nikiforakis. 2016. No honor among thieves: A large-scale analysis of malicious web shells. In Proceedings of the World Wide Web Conferernce. 1021--1032. Google ScholarGoogle ScholarDigital LibraryDigital Library
  151. Steemit. 2017. theshadowbrokers. Retrieved from https://steemit.com/@theshadowbrokers.Google ScholarGoogle Scholar
  152. William J. Stevenson. 2012. Operations Management (11th ed.). Tim Vertovec.Google ScholarGoogle Scholar
  153. Brett Stone-gross, Ryan Abman, Richard A. Kemmerer, Christopher Kruegel, Douglas G. Steigerwald, and Giovanni Vigna. 2013. The underground economy of fake antivirus software. In Economics of Information Security and Privacy III. Springer, New York, 55--78.Google ScholarGoogle Scholar
  154. Gianluca Stringhini, Oliver Hohlfeld, Christopher Kruegel, and Giovanni Vigna. 2014. The harvester, the botmaster, and the spammer: On the relations between the different actors in the spam landscape. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. 353--364. Google ScholarGoogle ScholarDigital LibraryDigital Library
  155. Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, and Jorge Blasco. 2014. Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families. Expert Syst. Appl. 41, 4, 1 (2014), 1104--1117. Google ScholarGoogle ScholarDigital LibraryDigital Library
  156. Sufatrio, Darell J. J. Tan, Tong-wei Chua, and Vrizlynn L. L. Thing. 2015. Securing Android: A survey, taxonomy, and challenges. Comput. Surveys 47, 4 (2015), 1--45. Google ScholarGoogle ScholarDigital LibraryDigital Library
  157. Kimberly Tam, A. L. I. Feizollah, N. O. R. Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. 2017. The evolution of Android malware and Android analysis techniques. Comput. Surveys 49, 4 (2017), 1--41. Google ScholarGoogle ScholarDigital LibraryDigital Library
  158. Digital Shadows Analyst Team. 2017. Innovation in the underworld: Reducing the risk of ripper fraud. Retrieved from https://www.digitalshadows.com/blog-and-research/innovation-in-the-underworld-reducing-the-risk-of-ripper-fraud.Google ScholarGoogle Scholar
  159. Vrizlynn L. L. Thing, Henry C. J. Lee, and Morris Sloman. 2005. Traffic redirection attack protection system (TRAPS). In IFIP Advances in Information and Communication Technology, vol. 181. Springer, Boston, 309--325.Google ScholarGoogle Scholar
  160. Kurt Thomas, Juan Antonio Elices Crespo, Ryan Rasti, Jean-Michel Picod, Damon Mccoy, Lucas Ballard, Elie Bursztein, Moheeb Abu Rajab, and Niels Provos. 2016. Investigating commercial pay-per-install and the distribution of unwanted software. In Proceedings of the 25th USENIX Security Symposium. 721--738. Google ScholarGoogle ScholarDigital LibraryDigital Library
  161. Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, and Dawn Song. 2011. Design and evaluation of a real-time URL spam filtering service. In Proceedings of the IEEE Symposium on Security and Privacy. 447--462. Google ScholarGoogle ScholarDigital LibraryDigital Library
  162. Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, and Giovanni Vigna. 2015. Framing dependencies introduced by underground commoditization. In Proceedings of the Workshop on the Economics of Information Security. 1--24.Google ScholarGoogle Scholar
  163. Kevin Townsend. 2017. Latest WannaCry theory: Currency manipulation. Retrieved from http://www.securityweek.com/latest-wannacry-theory-currency-manipulation.Google ScholarGoogle Scholar
  164. Amit Kumar Tyagi and G. Aghila. 2011. A wide scale survey on botnet. Int. J. Comput. Appl. 34, 9 (2011), 975--8887.Google ScholarGoogle Scholar
  165. Sun Tzu. 2005. The Art of War. Shambhala Publications.Google ScholarGoogle Scholar
  166. Verizon. 2017. 2017 Data Breach Investigations Report. Technical Report. Verizon.Google ScholarGoogle Scholar
  167. John Wadleigh, Jake Drew, and Tyler Moore. 2015. The E-commerce market for “lemons”: Identification and analysis of websites selling counterfeit goods. In Proceeddings of the 24th International Conference on World Wide Web. 1188--1197. Google ScholarGoogle ScholarDigital LibraryDigital Library
  168. Wikileaks. 2017. Vault 7: CIA Hacking Tools Revealed. Retrieved from https://wikileaks.org/ciav7p1/.Google ScholarGoogle Scholar
  169. Eric Wustrow and Benjamin VanderSloot. 2016. DDoSCoin: Cryptocurrency with a malicious proof-of-work. In Proceeddings of the USENIX Workshop on Offensive Technologies. Google ScholarGoogle ScholarDigital LibraryDigital Library
  170. Haitao Xu, Daiping Liu, Haining Wang, and Angelos Stavrou. 2015. E-commerce reputation manipulation: The emergence of reputation-escalation-as-a-service. In Proceedings of the 24th International Conference on World Wide Web. 1296--1306. Google ScholarGoogle ScholarDigital LibraryDigital Library
  171. Michael Yip, Nigel Shadbolt, and Craig Webber. 2013. Why forums?: An empirical analysis into the facilitating factors of carding forums. In Proceedings of the 5th Annual ACM Web Science. 453--462. Google ScholarGoogle ScholarDigital LibraryDigital Library
  172. Kim Zetter. 2014. A Google site meant to protect you is helping hackers attack you. Retrieved from https://www.wired.com/2014/09/how-hackers-use-virustotal/.Google ScholarGoogle Scholar
  173. Mingyi Zhao, Jens Grossklags, and Peng Liu. 2015. An empirical study of web vulnerability discovery ecosystems. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 1105--1117. Google ScholarGoogle ScholarDigital LibraryDigital Library
  174. Ziming Zhao, Mukund Sankaran, Gail Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu. 2016. Mules, seals, and attacking tools: Analyzing 12 online marketplaces. IEEE Secur. Priv. 14, 3 (2016), 32--43.Google ScholarGoogle ScholarDigital LibraryDigital Library


            • Published in

              ACM Computing Surveys  Volume 51, Issue 4
              July 2019
              765 pages
              ISSN:0360-0300
              EISSN:1557-7341
              DOI:10.1145/3236632
              • Editor: Sartaj Sahni

              Copyright © 2018 Owner/Author

              Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              • Published: 6 July 2018
              • Revised: 1 March 2018
              • Accepted: 1 March 2018
              • Received: 1 November 2017

              Qualifiers

              • survey
              • Research
              • Refereed
