203 research outputs found
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Illicit crypto-mining leverages resources stolen from victims to mine
cryptocurrencies on behalf of criminals. While recent works have analyzed one
side of this threat, i.e.: web-browser cryptojacking, only commercial reports
have partially covered binary-based crypto-mining malware. In this paper, we
conduct the largest measurement of crypto-mining malware to date, analyzing
approximately 4.5 million malware samples (1.2 million malicious miners), over
a period of twelve years from 2007 to 2019. Our analysis pipeline applies both
static and dynamic analysis to extract information from the samples, such as
wallet identifiers and mining pools. Together with OSINT data, this information
is used to group samples into campaigns. We then analyze publicly-available
payments sent to the wallets from mining-pools as a reward for mining, and
estimate profits for the different campaigns. All this together is is done in a
fully automated fashion, which enables us to leverage measurement-based
findings of illicit crypto-mining at scale. Our profit analysis reveals
campaigns with multi-million earnings, associating over 4.4% of Monero with
illicit mining. We analyze the infrastructure related with the different
campaigns, showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also uncover novel
techniques that allow criminals to run successful campaigns.Comment: A shorter version of this paper appears in the Proceedings of 19th
ACM Internet Measurement Conference (IMC 2019). This is the full versio
Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access
We investigate the criminal market dynamics of infostealer malware and
publish three evidence datasets on malware infections and trade. We justify the
value chain between illicit enterprises using the datasets, compare the prices
and added value, and use the value chain to identify the most effective
countermeasures.
We begin by examining infostealer malware victim logs shared by actors on
hacking forums, and extract victim information and mask sensitive data to
protect privacy. We find access to these same victims for sale at Genesis
Market. This technically sophisticated marketplace provides its own browser to
access victim's online accounts. We collect a second dataset and discover that
91% of prices fall between 1--20 US dollars, with a median of 5 US dollars.
Database Market sells access to compromised online accounts. We produce yet
another dataset, finding 91% of prices fall between 1--30 US dollars, with a
median of 7 US dollars.Comment: In The 18th International Conference on Availability, Reliability and
Security (ARES 2023), August 29 -- September 1, 2023, Benevento, Ital
Strategy and Organisational Cybersecurity: A Knowledge-Problem Perspective
Purpose: The purpose of this paper is to frame organisational cybersecurity through a strategic lens, as a function of an interplay of pragmatism, inference, holism and adaptation. The authors address the hostile epistemic climate for intellectual capital management presented by the dynamics of cybersecurity as a phenomenon. The drivers of this hostility are identified and their implications for research and practice are discussed. Design/methodology/approach: The philosophical foundations of cybersecurity in its relation with strategy, knowledge and intellectual capital are explored through a review of the literature as a mechanism to contribute to the emerging theoretical underpinnings of the cybersecurity domain. Findings: This conceptual paper argues that a knowledge-based perspective can serve as the necessary platform for a phenomenon-based view of organisational cybersecurity, given its multi-disciplinary nature. Research limitations/implications: By recognising the knowledge-related vectors, mechanisms and tendencies at play, a novel perspective on the topic can be developed: cybersecurity as a “knowledge problem”. In order to facilitate such a perspective, the paper proposes an emergent epistemology, rooted in systems thinking and pragmatism. Practical implications: In practice, the knowledge-problem narrative can underpin the development of new organisational support constructs and systems. These can address the distinctiveness of the strategic challenges that cybersecurity poses for the growing operational reliance on intellectual capital. Originality/value: The research narrative presents a novel knowledge-based analysis of organisational cybersecurity, with significant implications for both interdisciplinary research in the field, and practice
- …