This module of the course on Cybercrime, Cyberespionage and Cyberconflicts introduces the topic of cybercrime. It first provides an overview of the abuse ecosystem focusing on the main cybercrime activities (spamvertised products, ransomware, identity theft, carding and banking fraud). It then explores the supply chains that facilitate cybercrime and the commoditization of the key products (accounts, hosting, distribution, traffic, botnets, coding and crypters, etc.). The module concludes with some walkthroughs on representative marketplaces and forums.
Learning Outcomes
- Know the different types of cybercrime activities.
- Understand the commoditization of capabilities and services tailored to the cybercrime ecosystem.
- Know the different types of services available in the cybercriminal underground, the role they play in the supply chain, and their prices/pricing models.
- What is Cybercrime
- The Underground Economy of Cybercrime
- K. Thomas, D. Yuxing Huang, D. Y. Wang, E. Bursztein, C. Grier, T. Holt, C. Kruegel, D. McCoy, S. Savage, G. Vigna. Framing Dependencies Introduced by Underground Commoditization. WEIS 2015.
- K. Huang, M. Siegel, and S. Madnick. Systematically Understanding the Cyber Attack Business: A Survey. ACM Computing Surveys, Vol. 51, Issue 4, September 2018, pp. 1–36.
- Microsoft Defender Threat Intelligence & Microsoft Threat Intelligence Center (MSTIC). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself, 2022.
- Marketplaces
- No mandatory reading
- Intervention
- Larry G. Wlosinski. Cybersecurity Takedowns. 15 November 2019.
The slides used in class for this module are available here.
The list of questions for this module is available here.
- Cybercrime conceptualization:
- K. Phillips, J.C. Davidson, R.R. Farr, C. Burkhardt, S. Caneppele, and M.P. Aiken, Conceptualizing Cybercrime: Definitions, Typologies and Taxonomies, Forensic Sciences 2022, 2(2), 379-398.
- Threat landscape:
- ENISA. Threat Landscape.
- Magno Logan, Erika Mendoza, Ryan Maglaque, and Nikko Tamaña. The State of Ransomware: 2020's Catch-22. Trend Micro. February 03, 2021.
- Identity theft:
- Krebs on Security. How Much Is Your Identity Worth? November 8, 2011.
- Krebs on Security. Confessions of an ID Theft Kingpin, Part I. August 26, 2020.
- Krebs on Security. Confessions of an ID Theft Kingpin, Part II. August 27, 2020.
- K. Thomas et al. Data breaches, phishing, or malware? Understanding the risks of stolen credentials. CCS 2017.
- Ransomware:
- UK NCSC and NCA. Ransomware, extortion and the cyber crime ecosystem. September 11, 2023.
- Josh Highet. Ransomwatch.
- Botnets:
- Mark Bowden. The Worm That Nearly Ate the Internet. New York Times. June 29, 2019.
- Operation Tovar. Wikipedia.
- M. Antonakakis et al. Understanding the Mirai Botnet. USENIX Security 2017.
- Stealers:
- Quentin Bourgue, Livia Tibirna and Sekoia TDR. Traffers: a deep dive into the information stealer ecosystem. August 29, 2022.
- Hosting infrastructure:
- Vladimir Kropotov, Robert McArdle, and Fyodor Yarochkin. The Hacker Infrastructure and Underground Hosting: Services Used by Criminals. Trend Micro. September 01, 2020.
- Brian Krebs. Stark Industries Solutions: An Iron Hammer in the Cloud. Krebs on Security. May 23, 2024.
- Residential proxies:
- X. Mi, X. Feng, X. Liao, B. Liu, X. Wang, F. Qian, Z. Li, S. Alrwais, L. Sun, and Y. Liu. Resident Evil: Understanding Residential IP Proxy as a Dark Service, IEEE Symposium on Security and Privacy, 2019.
- Click fraud:
- Martin Laine. How a Russian Mobile App Developer Recruited Phones into a Secret Ad-Watching Robot Army. OCCRP, 9 September 2021.
- Phone scams:
- Jim Browning. Spying on the Scammers [Parts 1-4]. Mar 2, 2020.
- Cybercrime supply chains:
- R. Bhalerao, M. Aliapoulios, I. Shumailov, S. Afroz, D. McCoy. Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains, eCrime 2019.
- J. Inclan. Emotet Exposed: A Look Inside the Cybercriminal Supply Chain, VMware Security Blog, October 2022.
- WithSecure. The Professionalization of Cyber Crime, 2023.
- Mercenary groups / Hack-4-hire:
- Google Threat Analysis Group (TAG). Countering hack-for-hire groups. Jun 30, 2022.
- Reuters. How mercenary hackers sway litigation battles. June 30, 2022.