Systematically Understanding the Cyber Attack Business

Cyber attacks are increasingly menacing businesses. Based on a literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyber attacks in a systematic way. Understanding the specialization, commercialization, and cooperation behind cyber attacks helps us to identify 24 key value-added activities and their relations. These can be offered “as a service” for use in a cyber attack. This framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber-immune system, such as targeting cybercrime control points and assigning defense responsibilities to encourage collaboration.
