31 research outputs found

    Malware and Exploits on the Dark Web

    In recent years, the darknet has become the key location for the distribution of malware and exploits. We have seen scenarios where software vulnerabilities have been disclosed by vendors and shortly after, operational exploits are available on darknet forums and marketplaces. Many marketplace vendors offer zero-day exploits that have not yet been discovered or disclosed. This trend has led to security companies offering darknet analysis services to detect new exploits and malware, providing proactive threat intelligence. This paper presents information on the scale of malware distribution, the trends of malware types offered, the methods for discovering new exploits and the effectiveness of darknet analysis in detecting malware at the earliest possible stage. Comment: 5 pages, 0 figure

    Big Data and Cybercrime: A Literature Study on How Big Data Can Be Used to Combat Cybercrime

    Master's thesis in information systems IS501 - University of Agder 2019. Cybercrime is a growing problem in society, and hacker attacks are becoming ever more complex and sophisticated. The use of Big Data as a defensive tool against attacks is a revolutionary step in the development of security systems and has enormous potential for detecting attacks and threats against a computer or network system. In this master's thesis, a literature study has been carried out that addresses relevant earlier research on Big Data and cybercrime in order to map how far research has come in this particular area. The study aims to help shed light on key trends in Big Data and cybercrime over the last six years, and to uncover any research gaps where further research is needed. Our research question is as follows: “What does the literature say about the use of Big Data to combat cybercrime, and which trends emerge in recent research?” The choice of research question stems from the master's programme's focus on Big Data, as well as current news stories in which large organisations find their computer systems attacked and damaged. Attacks of this kind cause damage amounting to several billion annually. Against this background, we wanted to look more closely at Big Data from a security perspective and at how Big Data can be used to combat cybercrime. The study identified 37 relevant articles on Big Data and cybercrime published after 2013. The study's findings have been divided into three main categories: challenges, proposed solutions and trends. In total, 13 challenges and 9 proposed solutions were identified in the study, along with trends that characterise the research of the last 6 years. The study has revealed that trends exist in recent research: in particular IDS, which dominates the research field, but also somewhat less pronounced trends such as visualisation of Big Data systems, data reduction, and the use of frameworks and system design. These are all trends within proposed solutions.
    Furthermore, the findings of the study show a number of challenges that are mentioned frequently in the literature. Among these challenges, it is worth mentioning “zero-day attacks”, Big Data processing, identification of deviations/anomalies and configuration of machine learning algorithms.

    The Dark Web Phenomenon: A Review and Research Agenda

    The internet can be broadly divided into three parts: surface, deep and dark. The dark web has become notorious in the media for being a hidden part of the web where all manner of illegal activities take place. This review investigates how the dark web is being utilised with an emphasis on cybercrime, and how law enforcement plays the role of its adversary. The review describes these hidden spaces, sheds light on their history, the activities that they harbour – including cybercrime, the nature of attention they receive, and methodologies employed by law enforcement in an attempt to defeat their purpose. More importantly, it is argued that these spaces should be considered a phenomenon and not an isolated occurrence to be taken as merely a natural consequence of technology. This paper contributes to the area of dark web research by serving as a reference document and by proposing a research agenda

    Malware in the Future? Forecasting of Analyst Detection of Cyber Events

    There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa

    Dynamics of Dark Web Financial Marketplaces: An Exploratory Study of Underground Fraud and Scam Business

    The number of Dark Web financial marketplaces where Dark Web users and sellers actively trade illegal goods and services anonymously has been growing exponentially in recent years. The Dark Web has expanded illegal activities via selling various illicit products, from hacked credit cards to stolen crypto accounts. This study aims to delineate the characteristics of the Dark Web financial market and its scams. Data were derived from leading Dark Web financial websites, including Hidden Wiki, Onion List, and Dark Web Wiki, using Dark Web search engines. The study combines statistical analysis with thematic analysis of Dark Web content. Offering promotions and customer services with the payment methods of cryptocurrencies were prevalent, similar to the Surface Web's e-commerce market. The findings suggest that the Dark Web financial market is likely to harbor scams targeting Dark Web buyers. Dark Web sellers construct a website to sell scam products and recommend purchasing Escrow services to ensure safe transactions as an additional scam. The results from this study provided empirical support for the components of the routine activity theory of the Dark Web financial market to substantiate a more comprehensive view of patterns of fraud/scams. Enhancing law enforcement capabilities of investigating financial marketplaces and promoting public awareness and consumer safety programs are discussed as effective preventive measures

    Knowledge Sharing Network in a Community of Illicit Practice: A Cybermarket Subreddit Case

    Often neglected in the literature about communities of practice is the fact that online knowledge-sharing communities thrive among illicit collectives whose activities are stigmatized or outlawed. This paper focuses on a knowledge-sharing community of users who engage in illegal practices by examining the ways in which the community’s network structure changes when a high-stakes, uncertain event—the July 2017 shutdown of the dark web market Alphabay—occurs. This study compares the discussion network structures in the subreddit r/AlphaBay during pre-shutdown days (the “routine” period) and shutdown days (the “market defect” period) and offers a content analysis of the knowledge and resources shared by users during these periods. Several differences were observed: (a) the network structure changed such that the network size grew while becoming more centralized; (b) new crisis-specific players emerged; (c) types of knowledge shared during the market defect period was qualitatively different from the routine period