survey
Open access

Systematically Understanding the Cyber Attack Business: A Survey

Published: 06 July 2018

Abstract

Cyber attacks are increasingly menacing businesses. Based on a literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyber attacks in a systematic way. Understanding the specialization, commercialization, and cooperation involved in cyber attacks helps us to identify 24 key value-added activities and their relations. These can be offered “as a service” for use in a cyber attack. This framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber-immune system, such as targeting cybercrime control points and assigning defense responsibilities to encourage collaboration.

Supplementary Material

a70-huang-supp.pdf (huang.zip)
Supplemental movie, appendix, image and software files for Systematically Understanding the Cyber Attack Business: A Survey

References

[1]
ABC NEWS. 2008. Bad economy helping Web scammers recruit mules. Retrieved from http://abcnews.go.com/Technology/story?id&equal;6428943.
[2]
Lillian Ablon, Martin C. Libicki, and Andrea A. Golay. 2014. Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Technical Report. RAND Corporation. 1--85.
[3]
Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick Mcdaniel, and Matthew Smith. 2016. SoK: Lessons learned from Android security research for appified software platforms. In Proceedings of the 2016 IEEE Symposium on Security and Privacy. 433--451.
[4]
Abdullah M. Algarni and Yashwant K. Malaiya. 2014. Software vulnerability markets: Discoverers and buyers. Int. J. Comput., Electr., Automat., Control Info. Eng. 8, 3 (2014), 480--490.
[5]
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, and Damon McCoy. 2017. Under the shadow of sunshine: Understanding and detecting bulletproof hosting on legitimate service provider networks. In Proceedings of the 2017 IEEE Symposium on Security and Privacy. 805--823.
[6]
Mashael Alsabah and Ian Goldberg. 2014. Performance and security improvements for Tor: A survey. Comput. Surveys 49, 2 (2014), 1--38.
[7]
Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michel J. G. van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. 2013. Measuring the cost of cybercrime. In The Economics of Information Security and Privacy. Springer-Verlag Berlin Heidelberg 2013, 265--300.
[8]
Thanassis Avgerinos, Sang Kil Cha, Brent Lim, Tze Hao, and David Brumley. 2011. AEG: Automatic exploit generation. In Proceedings of the 18th Annual Network and Distributed System Security Symposium, Vol. 14. 1--18.
[9]
Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, and David Brumley. 2017. Your exploit is mine: Automatic shellcode transplant for remote exploits. In Proceedings of the IEEE Symposium on Security and Privacy. 824--839.
[10]
Bradley Barth. 2018. RIG and GrandSoft exploit kits shell out new GandCrab ransomware. Retrieved from www.scmagazine.com/rig-and-grandsoft-exploit-kits-shell-out-new-gandcrab-ransomware/article/740900/.
[11]
Eli Blumenthal and Elizabeth Weise. 2016. Hacked home devices caused massive Internet outage. Retrieved from https://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/.
[12]
Danny Bradbury. 2014. Testing the defences of bulletproof hosting companies. Netw. Secur. 2014, 6 (2014), 8--12.
[13]
Russell Brandom. 2017. An Anonymous group just took down a fifth of the dark web. Retrieved from https://www.theverge.com/2017/2/3/14497992/freedom-hosting-ii-hacked-anonymous-dark-web-tor.
[14]
David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng. 2008. Automatic patch-based exploit generation is possible: Techniques and implications. In Proceedings of the IEEE Symposium on Security and Privacy. 143--157.
[15]
Danton Bryans. 2014. Bitcoin and Money Laundering: Mining for an Effective Solution. Vol. 89. Indiana Law Journal, 441--472.
[16]
Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. 2011. Measuring pay-per-install: The commoditization of malware distribution. In Proceeddings of the USENIX Security Symposium. 13:1--13:16.
[17]
Vince D. Calhoun and Tülay Adali. 2009. Feature-based fusion of medical imaging data. IEEE Trans. Info. Technol. Biomed. 13, 5 (2009), 711--720.
[18]
Alejandro Calleja, Juan Tapiador, and Juan Caballero. 2016. A look into 30 years of malware development from a software metrics perspective. In Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses, Vol. 9854 LNCS. 325--345.
[19]
Davide Canali and Davide Balzarotti. 2013. Behind the scenes of online attacks: An analysis of exploitation behaviors on the web. In Proceedings of the 20th Annual Network 8 Distributed System Security Symposium.
[20]
Onur Catakoglu, Marco Balduzzi, and Davide Balzarotti. 2016. Automatic extraction of indicators of compromise for web applications. In Proceedings of the World Wide Web Conference. 333--343.
[21]
Onur Catakoglu, Marco Balduzzi, and Davide Balzarotti. 2017. Attacks landscape in the dark side of the web. In Proceedings of the ACM Symposium on Applied Computing. 1739--1746.
[22]
New Jersey Cybersecurity 8 Communications Integration Cell. 2016. Exploit kit variants: Neutrino. Retrieved from https://www.cyber.nj.gov/threat-profiles/exploit-kit-variants/neutrino.
[23]
Jian Chang, Krishna K. Venkatasubramanian, Andrew G. West, and Insup Lee. 2013. Analyzing and defending against web-based malware. Comput. Surveys 45, 4 (2013), 1--35.
[24]
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, and Dawn Song. 2011. MACE: Model-inference-assisted concolic exploration for protocol and vulnerability discovery. In Proceedings of the USENIX Security Symposium. 139--154.
[25]
Kim-Kwang Raymond Choo. 2011. The cyber threat landscape: Challenges and future research directions. Comput. Secur. 30, 8 (2011), 719--731.
[26]
Nicolas Christin. 2013. Traveling the silk road: A measurement analysis of a large anonymous online marketplace. In Proceedings of the 22nd International Conference on World Wide Web. 213--224.
[27]
Cuong Xuan Chu, Niket Tandon, and Gerhard Weikum. 2017. Distilling task knowledge from how-to communities. In Proceedings of the World Wide Web Conference. 805--814.
[28]
Cisco. 2016. Cisco 2016 Annual Security Report. Technical Report. Cisco. 1--87.
[29]
David D. Clark. 2012. Control point analysis. In Proceedings of the TRPC Conference. 25. Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract.
[30]
Bernd Conrad and Fatemeh Shirazi. 2014. A survey on Tor and I2P. In Proceedings of the 9th International Conference on Internet Monitoring and Protection. 22--28.
[31]
Contagio. 2015. An Overview of Exploit Packs (Update 25) May 2015. Retrieved from http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html.
[32]
CSIMarket. 2017. CSIMarket return on investment screening. Retrieved from https://csimarket.com/screening/index.php?s&equal;roi.
[33]
Exploit Database. 2017. The exploit database. Retrieved from https://www.exploit-db.com/.
[34]
DEEPDOTWEB. 2018. Updated: List of Dark Net Markets. Retrieved from https://www.deepdotweb.com/2013/10/28/updated-llist-of-hidden-marketplaces-tor-i2p/.
[35]
DEEPWEBADMIN. 2017. Build a black market in dark web only for $4500; Cybercrime goes PAAS. Retrieved from https://www.deepweb-sites.com/build-black-market-dark-web-4500-cybercrime-goes-paas/.
[36]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The second-generation onion router. Naval Research Lab Washington DC.
[37]
Thomas Donilon, Chair Samuel Palmisano, Keith Alexander, Ana Antón, Ajay Banga, Steven Chabinsky, Patrick Gallagher, Peter Lee, Herbert Lin, Heather Murren, Joseph Sullivan, Maggie Wilderotter, and Kiersten Todt. 2016. Commission on Enhancing National Cybersecurity. Technical Report. NIST, 1--100.
[38]
Benoit Dupont, Anne-Marie Cote, Claire Savine, and David Decary-Hetu. 2016. The ecology of trust among hackers. Global Crime 17, 2 (2016), 129--151.
[39]
Rober M. Lee, Michael J. Assante, and Tim Conway. 2016. Analysis of the Cyber Attack on the Ukrainian Power Grid. Technical Report. SANS ICS and E-ISAC, 23.
[40]
Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel. 2012. A survey on automated dynamic malware-analysis techniques and tools. Comput. Surveys 44, 2 (2012), 1--42.
[41]
Jose Esteves, Elisabete Ramalho, and Guillermo de Haro. 2017. To improve cybersecurity, think like a hacker. MIT Sloan Manage. Rev. 58, 3 (2017), 71--77.
[42]
Adrienne Porter Felt and David Wagner. 2011. Phishing on mobile devices. In Web 2.0 Security and Privacy, Vol. 2. 1--10.
[43]
Kristin M. Finklea and Catherine A. Theohary. 2015. Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement. Technical Report. Congressional Research Service, R42547, 1--27.
[44]
Thomas Fox-Brewster. 2016. Android Gooligan hackers just scored the biggest ever theft of Google accounts. Retrieved from https://www.forbes.com/sites/thomasbrewster/2016/11/30/gooligan-android-malware-1m-google-account-breaches-check-point-finds.
[45]
Thomas Fox-Brewster. 2017. Forget Silk Road, cops just scored their biggest victory against the dark web drug trade. Retrieved from https://www.forbes.com/sites/thomasbrewster/2017/07/20/alphabay-hansa-dark-web-markets-taken-down-in-massive-drug-bust-operation.
[46]
Anonymous France. 2016. Anonymity and privacy first lesson taught on OnionIRC. Retrieved from https://www.anonymous-france.eu/anonymity-and-privacy-first-lesson-taught-on-onionirc.html.
[47]
Jerry Gao, Xiaoying Bai, Wei-Tek Tsai, and Tadahiro Uehara. 2014. Mobile application testing: A tutorial. Computer 47, 2 (2014), 46--55.
[48]
Glen Gibb, Hongyi Zeng, and Nick McKeown. 2012. Outsourcing network functionality. In Proceedings of the ACM Workshop on Hot Topics in Software Defined Networking (HotSDN’12). 73. Retrieved from http://dl.acm.org/citation.cfm?doid&equal;2342441.2342457.
[49]
Misha Glenny. 2011. DarkMarket: Cyberthieves, Cybercops and You. Retrieved from http://books.google.nl/books?id&equal;uxAcuzbyw9YC
[50]
Max Goncharov. 2012. Russian Underground 101. Technical Report. Trend Micro. 1--29.
[51]
Google. 2015. Vulnerability Research Grant Rules. Retrieved from https://www.google.com/about/appsecurity/research-grants/.
[52]
Diana Granger. 2017. Fatboy Ransomware-as-a-Service Emerges on Russian-Language Forum. Retrieved from https://www.recordedfuture.com/fatboy-ransomware-analysis/.
[53]
Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, and Davide Balzarotti. 2015. Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence. In Proceedings of the 24th USENIX Security Symposium. 1057--1072.
[54]
Andy Greenberg. 2016. Hackers claim to auction data they stole from NSA-linked spies. Retrieved from https://www.wired.com/2016/08/hackers-claim-auction-data-stolen-nsa-linked-spies/.
[55]
Gustavo Grieco, Guillermo Luis Grinblat, Lucas Uzal, Sanjay Rawat, Josselin Feist, and Laurent Mounier. 2016. Toward large-scale vulnerability discovery using machine learning. In Proceedings of the ACM Conference on Data and Application Security and Privacy. 85--96.
[56]
Felix Gröbert, Ahmad-Reza Sadeghi, and Marcel Winandy. 2009. Software distribution as a malware infection vector. In Proceedings of the International Conference for Internet Technology and Secured Transactions. 1--6.
[57]
Chen Hajaj, Noam Hazon, and David Sarne. 2017. Enhancing comparison shopping agents through ordering and gradual information disclosure. Auton. Agents Multi-Agent Syst. 31, 3 (2017), 696--714.
[58]
Ashley Harris. 2016. Cyber Ethics: An assessment of government and private industry. Ph.D. Dissertation. Utica College.
[59]
Andreas Haslebacher, Jeremiah Onaolapo, and Gianluca Stringhini. 2016. All your cards are belong to us: Understanding online carding forums. CoRR abs/1607.00117 vol. 1. Retrieved from http://arxiv.org/abs/1607.00117.
[60]
Ryan Heartfield and George Loukas. 2015. A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. Comput. Surveys 48, 3 (2015), 1--39.
[61]
Cormac Herley and Dinei Florêncio. 2010. Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In Economics of Information Security and Privacy. Springer Science+Business Media, LLC, 33--53.
[62]
Alex Hern. 2015. Hacking Team hacked: Firm sold spying tools to repressive regimes, documents claim. Retrieved from https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim.
[63]
Thomas J. Holt. 2017. Identifying gaps in the research literature on illicit markets on-line. Global Crime 18, 1 (2017), 1--10.
[64]
Thomas J. Holt, Deborah Strumsky, Olga Smirnova, and Max Kilger. 2012. Examining the social networks of malware writers and hackers. Int. J. Cyber Criminol. 6, 1 (2012), 891--903.
[65]
Thorsten Holz, Christian Gorecki, Konrad Rieck, and Felix C. Freiling. 2008. Measuring and detecting fast-flux service networks. In Proceedings of the Network and Distributed System Security Symposium (NDSS’08). 24--31.
[66]
Jason Hong. 2012. The current state of phishing attacks. Commun. ACM 55, 1 (2012), 74--81.
[67]
Danny Yuxing Huang, Doug Grundman, Kurt Thomas, Abhishek Kumar, Elie Bursztein, Kirill Levchenko, and Alex C. Snoeren. 2017. Pinning down abuse on google maps. In Proceedings of the 26th International World Wide Web Conference. 1471--1479.
[68]
Keman Huang, Jinjing Han, Shizhan Chen, and Zhiyong Feng. 2016. A skewness-based framework for mobile app permission recommendation and risk evaluation. In Proceedings of the International Conference on Service-Oriented Computing. 252--266.
[69]
Keman Huang, Michael Siegel, Stuart Madnick, Xiaohong Li, and Zhiyong Feng. 2016. Diversity or concentration? Hackers’ strategy for working across multiple bug bounty programs. In Proceedings of the IEEE Symposium on Security and Privacy. 2.
[70]
Keman Huang, Jia Zhang, Wei Tan, and Zhiyong Feng. 2017. Shifting to mobile: Network-based empirical study of mobile vulnerability market. IEEE Trans. Services Comput. 99 (2017), 1--14.
[71]
Inj3ct0r. 2018. Oday.today. Retrieved from https://0day.today.
[72]
Steven K. 2011. Tracking cyber crime: scan4you.net (Private AV Checker). Retrieved from http://www.xylibox.com/2011/10/scan4younet-private-av-checker.html.
[73]
Vitaly Kamluk and Alexander Gostev. 2016. Adwind-a Cross Platform RAT. Technical Report. Kaspersky.
[74]
Karthik Kannan, Mohammad S. Rahman, and Mohit Tawarmalani. 2016. Economic and policy implications of restricted patch distribution. Manage. Sci. 62, 11 (2016), 3161--3182.
[75]
Mohammad Karami, Youngsam Park, and Damon McCoy. 2016. Stress testing the booters: Understanding and undermining the business of DDoS services. In Proceedings of the 25th International Conference on World Wide Web. 1033--1043.
[76]
Limor Kessem. 2015. The return of Ramnit: Life after a law enforcement takedown. Retrieved from https://securityintelligence.com/the-return-of-ramnit-life-after-a-law-enforcement-takedown/.
[77]
Swati Khandelwal. 2017. Shadow brokers, who leaked WannaCry SMB exploit, are back with more 0-days. Retrieved from http://thehackernews.com/2017/05/shodow-brokers-wannacry-hacking.html.
[78]
Maria Konte and Nick Feamster. 2015. ASwatch: An AS reputation system to expose bulletproof hosting ASes. In Proceedings of the SIGCOMM Conference on Communications Architecture 8 Protocols (SIGCOMM’15). 625--638.
[79]
Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. 2016. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In Proceedings of the 2016 IEEE Symposium on Security and Privacy. 839--858.
[80]
Brian Krebs. 2016. Money mule gangs turn to Bitcoin ATMs. Retrieved from https://krebsonsecurity.com/2016/09/money-mule-gangs-turn-to-bitcoin-atms/.
[81]
Nir Kshetri. 2006. The simple economics of cybercrimes. IEEE Secur. Priv. 4, 1 (2006), 33--39.
[82]
Dana Lahat, Tulay Adali, and Christian Jutten. 2015. Multimodal data fusion: An overview of methods, challenges, and prospects. Proc. IEEE 103, 9 (2015), 1449--1477.
[83]
Angel Lagares Lemos, Florian Daniel, and Boualem Benatallah. 2015. Web service composition: A survey of techniques and tools. Comput. Surveys 48, 3 (2015), 1--41.
[84]
E. R. Leukfeldt. 2014. Cybercrime and social ties: Phishing in amsterdam. Trends Organ. Crime 17, 4 (2014), 231--249.
[85]
Rutger Leukfeldt. 2015. Organised cybercrime and social opportunity structures: A proposal for future research directions. Eur. Rev. Organ. Crime 2, 2 (2015), 91--103.
[86]
Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark FelegyhaziGrier, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage. 2011. Click trajectories: End-to-end analysis of the spam value chain. In Proceedings of the IEEE Symposium on Security and Privacy. 431--446.
[87]
Weifeng Li, Hsinchun Chen, and Jay F. Nunamaker Jr. 2017. Identifying and profiling key sellers in cyber carding community : AZSecure text mining system. J. Manage. Info. Syst. 33, 4 (2017), 1059--1086.
[88]
Xiaojing Liao, Damon Mccoy, and Elaine Shi. 2016. Characterizing long-tail SEO spam on cloud web hosting services. In Proceedings of the World Wide Web Conference. 321--332.
[89]
Vincent Loy, Kyra Mattar, Tan Shong Ye, Bahgya Perera, Jimmy Sng, and Maggie Leong. 2015. Reclaiming Cybersecurity: The Global State of Information Security Survey 2016. Technical Report. PwC. 1--8.
[90]
Yong Lu, Xin Luo, Michael Polgar, and Yuanyuan Cao. 2010. Social network analysis of a criminal hacker community. J. Comput. Infor. Syst. 51, 2 (2010), 31.
[91]
Robert Luh, Stefan Marschalek, Manfred Kaiser, Helge Janicke, and Sebastian Schrittwieser. 2017. Semantics-aware detection of targeted attacks: A survey. J. Comput. Virol. Hack. Techn. 13, 1 (2017), 47--85.
[92]
Stuart Madnick. 2016. Dark Web: Hackers trump good guys in sharing information. (2016).
[93]
Stuart Madnick. 2017. Preparing for the cyberattack that will knock out U.S. power grids. Harvard Bus.s Rev. (2017), 5. https://hbr.org/2017/05/preparing-for-the-cyberattack-that-will-knock-out-u-s-power-grids.
[94]
Stuart Madnick. 2017. What executives get wrong about cybersecurity. Sloan Manage. Rev. January (2017), 22--24.
[95]
Thomas Maillart, Mingyi Zhao, Jens Grossklags, and John Chuang. 2016. Given enough eyeballs, all bugs are shallow? Revisiting Eric Raymond with bug bounty programs. In Proceedings of the Workshop on the Economics of Information Security (WEIS’16). 1--19.
[96]
MalwareTech. 2017. How to accidentally stop a global cyber attack. Retrieved from https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html.
[97]
Derek Manky. 2013. Cybercrime as a service: A very modern business. Comput. Fraud Secur. 6 (2013), 9--13.
[98]
Steve Mansfield-Devine. 2016. The imitation game: How business email compromise scams are robbing organisations. Comput. Fraud Secur. 11 (2016), 5--10.
[99]
Etay Maor. 2013. No money mule, no problem: Recruitment website kits for sale. Retrieved from https://securityintelligence.com/money-mule-problem-recruitment-website-kits-sale/.
[100]
Max Goncharov. 2015. Criminal Hideouts for Lease: Bulletproof Hosting Services. Technical Report. Trend Micro. 28 pages.
[101]
Inc. McAfee. 2016. McAfee Labs 2017 Threats Predictions. Technical Report. McAfee. 1--51.
[102]
Michael McCaul. 2017. The war in cyberspace: Why we are losing—How to fight back. Retrieved from https://www.rsaconference.com/videos/the-war-in-cyberspace-why-we-are-losing-and-how-to-fight-back.
[103]
Damon Mccoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. 2008. Shining light in dark places: Understanding the Tor network. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium. 63--76.
[104]
Michael McGuire. 2012. Organised Crime in the Digital Age. Technical Report. London: John Grieve Centre for Policing and Security.
[105]
McKinsey 8 Company. 2015. A Labor Market That Works : Connecting Talent With Opportunity in the Digital Age. Technical Report. McKinsey 8 Company. 88.
[106]
William Melicher, Blase Ur, Sean M Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proceedings of the Usenix Security Conference. 239.
[107]
Max Metzger. 2016. Snapchat got whaled, employee payroll released. Retrieved from https://www.scmagazineuk.com/snapchat-got-whaled-employee-payroll-released/article/530493/.
[108]
Tyler Moore. 2010. Introducing the economics of cybersecurity: Principles and policy options. In Proceedings of the Workshop on Deterring Cyberattacks: Informing Strategis and DEveloping Options for U.S. Policy. 3--23.
[109]
Steve Morgan. 2016. Hackerpocalypse : A Cybercrime Revelation. Technical Report. Cybersecurity Ventures. 1--24.
[110]
Robert S. Mueller III. 2012. Combating threats in the cyber world: Outsmarting terrorists, hackers, and spies. Retrieved from https://archives.fbi.gov/archives/news/speeches/combating-threats-in-the-cyber-world-outsmarting-terrorists-hackers-and-spies.
[111]
Satoshi Nakamoto. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. Bitcoin.org. https://bitcoin.org/bitcoin.pdf.
[112]
Marcin Nawrocki, Matthias Wählisch, Thomas C. Schmidt, Christian Keil, and Jochen Schönfelder. 2016. A survey on honeypot software and data analysis. eprint arXiv:1608.06249 (2016), 1--38.
[113]
Arash Nourian and Stuart Madnick. 2015. A systems theoretic approach to the security threats in cyber physical systems applied to stuxnet. IEEE Trans. Depend. Secure Comput.99 (2015), 20.
[114]
NTTSecurity. 2016. SERT Quarterly Threat Report Q2 2016. Technical Report. NTTSecurity.
[115]
G. Odinot, M. A. Verhoeven, R. L. D. Pool, and C. J. de Poot. 2017. Organised Cybercrime in the Netherlands. Technical Report. The WODC (Research and Documentation Centre) of the Ministry of Security and Justice, 1--87.
[116]
Philip O’Kane, Sakir Sezer, and Kieran McLaughlin. 2011. Obfuscation: The hidden malware.IEEE Secur. Priv. 9, 5 (2011), 41--47.
[117]
Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini. 2016. What happens after you are Pwnd: Understanding the use of leaked account credentials in the wild. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement Conference. 1--15.
[118]
Hilarie Orman. 2013. The compleat story of phish. IEEE Internet Comput. 17, 1 (2013), 87--91.
[119]
Andy Ozment. 2004. Bug auctions: Vulnerability markets reconsidered. In Proceedings of the Workshop on Economics of Information Security (WEIS’04). 1--23.
[120]
Pierluigi Paganini. 2016. Ran$umBin a dark web service dedicated to ransomware. Retrieved from http://securityaffairs.co/wordpress/46770/breaking-news/46770.html.
[121]
N. Pavkovic and L. Perkov. 2011. Social engineering toolkit—A systematic approach to social engineering. In Proceedings of the 34th International Convention on Information and Communication Technology, Electronics and Microelectronics. 1485--1489.
[122]
Michael Porter. 1985. Competitive Advantage: Creating and Sustaining Superior Performance. The Free Press.
[123]
Rebecca S. Portnoff, Sadia Afroz, Greg Durrett, Jonathan K. Kummerfeld, Taylor Berg-Kirkpatrick, Damon Mccoy, and Vern Paxson. 2017. Tools for automated analysis of cybercriminal markets. In Proceedings of the World Wide Web Conference. 657--666.
[124]
PwC. 2016. Global Economic Crime Survey 2016: Adjusting the Lens on Economic Crime. Technical Report. PwC. 1--31.
[125]
Bradley Reaves, Jasmine Bowers, Sigmund Albert, Gorski Iii, North Carolina, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, and Patrick Traynor. 2016. *Droid: Assessment and evaluation of Android application analysis tools. Comput. Surveys 49, 3 (2016), 1--30.
[126]
Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, and Kevin R. B. Butler. 2016. Sending out an SMS: Characterizing the security of the SMS ecosystem with public gateways. In Proceedings of the IEEE Symposium on Security and Privacy. 339--356.
[127]
Peter Reuter and Edwin M. Truman. 2003. Money laundering: Methods and markets. In Chasing Dirty Money: The Fight Against Money Laundering. Peterson Institute, 25--43.
[128]
Rick Holland. 2016. the hacker talent shortage: What organizations can learn from the recruitment efforts of their attackers. Proceedings of the https://www.digitalshadows.com/blog-and-research/the-hacker-talent-shortage-what-organizations-can-learn-from-the-recruitment-efforts-of-their-attackers/.
[129]
Rafael A. Rodríguez-Gómez, Gabriel Maciá-Fernández, and Pedro García-Teodoro. 2013. Survey and taxonomy of botnet research through life-cycle. Comput. Surveys 45, 4 (2013), 1--33.
[130]
Christian Rossow. 2013. Using Malware Analysis to Evaluate Botnet Resilience. Ph.D. Dissertation. Vrije Universiteit.
[131]
RSA Whitepaper. 2016. 2016: Current State of Cybercrime. Technical Report. RSA. 1--7.
[132]
Ryan Ellis, Keman Huang, Michael Siegel, Katie Moussouris, and James Houghton. 2017. Fixing a hole: The labor market for bugs. In New Solutions for Cybersecurity, Alex Pentland, Howard Shrobe, and David Shrier (Eds.). MIT Press, 122--147.
[133]
Hamid Salim and Stuart Madnick. 2016. Cyber safety: A systems theory approach to managing cyber security risks-applied to TJX cyber attack. Cybersecurity at MIT Sloan, Working Paper, 1--17. http://web.mit.edu/smadnick/www/wp/2016-09.pdf.
[134]
Raj Samani and Francois Paget. 2013. Cybercrime Exposed: Cybercrime-as-a-Service. Technical Report. McAfee. 1--18.
[135]
Bruce Schneier. 2015. Secrets and Lies: Digital Security in a Networked World. Wiley.
[136]
Sebastian Schrittwieser, Johannes Kinder, Georg Merzdovnik, Edgar Weippl, and Stefan Katzenbeisser. 2015. Protecting software through obfuscation: Can it keep pace with progress in code analysis? Comput. Surveys 49, 4 (2015), 1--40.
[137]
E. J. Schwartz, Thanassis Avgerinos, and David Brumley. 2011. Q: Exploit hardening made easy. In Proceedings of the USENIX Security Conference, vol. 8. 25.
[138]
Offensive Security. 2017. Offensive security training, certifications, and services. Retrieved from https://www.offensive-security.com/.
[139]
Securityfocus. 2012. Payload Definition. Retrieved from http://www.securityfocus.com/glossary/P.
[140]
Dave Shackleford. 2015. Combatting Cyber Risks in the Supply Chain. Technical Report. SANS Institute, 1--20.
[141]
Wanita Sherchan, Surya Nepal, and Cecile Paris. 2013. A survey of trust in social networks. Comput. Surveys 45, 4 (2013), 47--47:33.
[142]
Sergei Shevchenko. 2016. Two bytes to $951M. Retrieved from http://baesystemsai.blogspot.com/2016/04/two-bytes-to-951m.html.
[143]
Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2016. SOK: (State of) the art of war: Offensive techniques in binary analysis. In Proceedings of the IEEE Symposium on Security and Privacy. 138--157.
[144]
Johan Sigholm. 2013. Non-state actors in cyberspace operations. J. Military Studies 4, 1 (2013), 1--37.
[145]
Aditya K. Sood and Richard J. Enbody. 2013. Crimeware-as-a-service-a survey of commoditized crimeware in the underground market. Int. J. Crit. Infrastruct. Protect. 6, 1 (2013), 28--38.
[146]
Aditya K. Sood and Richard J. Enbody. 2013. Targeted cyberattacks: A superset of advanced persistent threats. IEEE Secur. Priv. 11, 1 (2013), 54--61.
[147]
Kyle Soska, Nicolas Christin, Kyle Soska, and Nicolas Christin. 2015. Measuring the longitudinal evolution of the online anonymous marketplace ecosystem. In Proceedings of the 24th USENIX Security Symposium. 33--48.
[148]
Melvin R. J. Soudijn and Birgit C. H. T. Zegers. 2012. Cybercrime and virtual offender convergence settings. Trends Organ. Crime 15, 2--3 (2012), 111--129.
[149]
Richard Spinello. 2016. Cyberethics: Morality and Law in Cyberspace. Jones 8 Bartlett Learning.
[150]
Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, and Nick Nikiforakis. 2016. No honor among thieves: A large-scale analysis of malicious web shells. In Proceedings of the World Wide Web Conferernce. 1021--1032.
[151]
Steemit. 2017. theshadowbrokers. Retrieved from https://steemit.com/@theshadowbrokers.
[152]
William J. Stevenson. 2012. Operations Management (11th ed.). Tim Vertovec.
[153]
Brett Stone-gross, Ryan Abman, Richard A. Kemmerer, Christopher Kruegel, Douglas G. Steigerwald, and Giovanni Vigna. 2013. The underground economy of fake antivirus software. In Economics of Information Security and Privacy III. Springer, New York, 55--78.
[154]
Gianluca Stringhini, Oliver Hohlfeld, Christopher Kruegel, and Giovanni Vigna. 2014. The harvester, the botmaster, and the spammer: On the relations between the different actors in the spam landscape. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. 353--364.
[155]
Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, and Jorge Blasco. 2014. Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families. Expert Syst. Appl. 41, 4, 1 (2014), 1104--1117.
[156]
Sufatrio, Darell J. J. Tan, Tong-wei Chua, and Vrizlynn L. L. Thing. 2015. Securing Android: A survey, taxonomy, and challenges. Comput. Surveys 47, 4 (2015), 1--45.
[157]
Kimberly Tam, A. L. I. Feizollah, N. O. R. Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. 2017. The evolution of Android malware and Android analysis techniques. Comput. Surveys 49, 4 (2017), 1--41.
[158]
Digital Shadows Analyst Team. 2017. Innovation in the underworld: Reducing the risk of ripper fraud. Retrieved from https://www.digitalshadows.com/blog-and-research/innovation-in-the-underworld-reducing-the-risk-of-ripper-fraud.
[159]
Vrizlynn L. L. Thing, Henry C. J. Lee, and Morris Sloman. 2005. Traffic redirection attack protection system (TRAPS). In IFIP Advances in Information and Communication Technology, vol. 181. Springer, Boston, 309--325.
[160]
Kurt Thomas, Juan Antonio Elices Crespo, Ryan Rasti, Jean-Michel Picod, Damon Mccoy, Lucas Ballard, Elie Bursztein, Moheeb Abu Rajab, and Niels Provos. 2016. Investigating commercial pay-per-install and the distribution of unwanted software. In Proceedings of the 25th USENIX Security Symposium. 721--738.
[161]
Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, and Dawn Song. 2011. Design and evaluation of a real-time URL spam filtering service. In Proceedings of the IEEE Symposium on Security and Privacy. 447--462.
[162]
Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, and Giovanni Vigna. 2015. Framing dependencies introduced by underground commoditization. In Proceedings of the Workshop on the Economics of Information Security. 1--24.
[163]
Kevin Townsend. 2017. Latest WannaCry theory: Currency manipulation. Retrieved from http://www.securityweek.com/latest-wannacry-theory-currency-manipulation.
[164]
Amit Kumar Tyagi and G. Aghila. 2011. A wide scale survey on botnet. Int. J. Comput. Appl. 34, 9 (2011), 975--8887.
[165]
Sun Tzu. 2005. The Art of War. Shambhala Publications.
[166]
Verizon. 2017. 2017 Data Breach Investigations Report. Technical Report. Verizon.
[167]
John Wadleigh, Jake Drew, and Tyler Moore. 2015. The E-commerce market for “lemons”: Identification and analysis of websites selling counterfeit goods. In Proceedings of the 24th International Conference on World Wide Web. 1188--1197.
[168]
Wikileaks. 2017. Vault 7: CIA Hacking Tools Revealed. Retrieved from https://wikileaks.org/ciav7p1/.
[169]
Eric Wustrow and Benjamin VanderSloot. 2016. DDoSCoin: Cryptocurrency with a malicious proof-of-work. In Proceedings of the USENIX Workshop on Offensive Technologies.
[170]
Haitao Xu, Daiping Liu, Haining Wang, and Angelos Stavrou. 2015. E-commerce reputation manipulation: The emergence of reputation-escalation-as-a-service. In Proceedings of the 24th International Conference on World Wide Web. 1296--1306.
[171]
Michael Yip, Nigel Shadbolt, and Craig Webber. 2013. Why forums?: An empirical analysis into the facilitating factors of carding forums. In Proceedings of the 5th Annual ACM Web Science. 453--462.
[172]
Kim Zetter. 2014. A Google site meant to protect you is helping hackers attack you. Retrieved from https://www.wired.com/2014/09/how-hackers-use-virustotal/.
[173]
Mingyi Zhao, Jens Grossklags, and Peng Liu. 2015. An empirical study of web vulnerability discovery ecosystems. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 1105--1117.
[174]
Ziming Zhao, Mukund Sankaran, Gail Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu. 2016. Mules, seals, and attacking tools: Analyzing 12 online marketplaces. IEEE Secur. Priv. 14, 3 (2016), 32--43.

Cited By

  • (2024) Artificial Intelligence Applications in the Context of the Security Framework for the Logistics Industry. Advances in Explainable AI Applications for Smart Cities. DOI: 10.4018/978-1-6684-6361-1.ch011 (297-316). Online publication date: 18-Jan-2024
  • (2024) Weaponization of the Growing Cybercrimes inside the Dark Net: The Question of Detection and Application. Big Data and Cognitive Computing. DOI: 10.3390/bdcc8080091, 8:8 (91). Online publication date: 14-Aug-2024
  • (2024) Distributed Model-Free Adaptive Predictive Control for MIMO Multi-Agent Systems With Deception Attack. IEEE Transactions on Signal and Information Processing over Networks. DOI: 10.1109/TSIPN.2023.3346994, 10 (32-47). Online publication date: 2024

Published In

ACM Computing Surveys  Volume 51, Issue 4
July 2019
765 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3236632
Editor: Sartaj Sahni
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 July 2018
Accepted: 01 March 2018
Revised: 01 March 2018
Received: 01 November 2017
Published in CSUR Volume 51, Issue 4

Author Tags

  1. Cyber attack business
  2. control point
  3. cyber crime
  4. cyber-crime-as-a-service
  5. hacking innovation
  6. sharing responsibility
  7. value chain model

Qualifiers

  • Survey
  • Research
  • Refereed

Article Metrics

  • Downloads (Last 12 months): 3,666
  • Downloads (Last 6 weeks): 466
Reflects downloads up to 01 Sep 2024

Cited By

  • (2024) Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey. Proceedings of the IEEE. DOI: 10.1109/JPROC.2024.3379855, 112:3 (210-246). Online publication date: Mar-2024
  • (2024) A Methodology to Measure the “Cost” of CPS Attacks: Not all CPS Networks are Created Equal. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). DOI: 10.1109/EuroSPW61312.2024.00019 (112-129). Online publication date: 8-Jul-2024
  • (2024) Doxing: how a darknet shop created the blackmail as a service business model. Journal of Aggression, Conflict and Peace Research. DOI: 10.1108/JACPR-04-2024-0894. Online publication date: 29-Jul-2024
  • (2024) Cybersecurity threats in FinTech. Expert Systems with Applications: An International Journal. DOI: 10.1016/j.eswa.2023.122697, 241:C. Online publication date: 1-May-2024
  • (2024) Deception in double extortion ransomware attacks: An analysis of profitability and credibility. Computers & Security. DOI: 10.1016/j.cose.2023.103670, 138 (103670). Online publication date: Mar-2024
  • (2024) Cyber Resilience for SDG Towards the Digitization: An Imperial Study. Artificial Intelligence of Things for Achieving Sustainable Development Goals. DOI: 10.1007/978-3-031-53433-1_18 (361-388). Online publication date: 9-Mar-2024
  • (2024) Interoperable Algorithms as Microservices for Zero-Defects Manufacturing: A Containerization Strategy and Workload Distribution Model Proposal. Enterprise Interoperability X. DOI: 10.1007/978-3-031-24771-2_19 (219-228). Online publication date: 21-Mar-2024