3,889 research outputs found
Economic Factors of Vulnerability Trade and Exploitation
Cybercrime markets support the development and diffusion of new attack
technologies, vulnerability exploits, and malware. Whereas the revenue streams
of cyber attackers have been studied multiple times in the literature, no
quantitative account currently exists on the economics of attack acquisition
and deployment. Yet, this understanding is critical to characterize the
production of (traded) exploits, the economy that drives it, and its effects on
the overall attack scenario. In this paper we provide an empirical
investigation of the economics of vulnerability exploitation, and the effects
of market factors on likelihood of exploit. Our data is collected
first-handedly from a prominent Russian cybercrime market where the trading of
the most active attack tools reported by the security industry happens. Our
findings reveal that exploits in the underground are priced similarly or above
vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle
of exploits is slower than currently often assumed. On the other hand,
cybercriminals are becoming faster at introducing selected vulnerabilities, and
the market is in clear expansion both in terms of players, traded exploits, and
exploit pricing. We then evaluate the effects of these market variables on
likelihood of attack realization, and find strong evidence of the correlation
between market activity and exploit deployment. We discuss implications on
vulnerability metrics, economics, and exploit measurement.Comment: 17 pages, 11 figures, 14 table
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attackerâs motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio
The Australian Cyber Security Centre threat report 2015
Introduction: The number, type and sophistication of cyber security threats to Australia and Australians are increasing. Due to the varied nature of motivations for cyber adversaries targeting Australian organisations, organisations could be a target for malicious activities even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries.
This first unclassified report by the ACSC describes the range of cyber adversaries targeting Australian networks, explains their motivations, the malicious activities they are conducting and their impact, and provides specific examples of activity targeting Australian networks during 2014. This report also offers mitigation advice on how organisations can defend against these activities.
The ACSCâs ability to detect and defend against sophisticated cyber threats continues to improve. But cyber adversaries are constantly improving their tradecraft in their attempts to defeat our network defences and exploit the new technologies we embrace.
There are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector. The ACSC is reaching out to industry to build partnerships to improve our collective understanding. Future iterations of the Threat Report will benefit from these partnerships and help to close gaps in our knowledge
Global Cyber Intermediary Liability: A Legal & Cultural Strategy
This Article fills the gap in the debate on fighting cybercrime. It considers the role of intermediaries and the legal and cultural strategies that countries may adopt. Part II.A of this Article examines the critical role of intermediaries in cybercrime. It shows that the intermediariesâ active participation by facilitating the transmission of cybercrime traffic removes a significant barrier for individual perpetrators. Part II.B offers a brief overview of legal efforts to combat cybercrime, and examines the legal liability of intermediaries in both the civil and criminal context and in varying legal regimes with an emphasis on ISPs. Aside from some level of injunctive relief, intermediaries operate in a largely unregulated environment. Part III looks at what we can learn from other countries. The cleanest intermediary country, Finland, and the worst country, Lithuania, were selected in order to explore the causes for the differences between country performances. The section examines the remarkable distinctions between national cultures to explain differences in national cybercrime rates.
Part III.A of this Article argues that the criminal code laws do not account for the difference in host and ISP performances between Finland and Lithuania. There are few differences in the codified laws pertaining to cybercrime between these countries. Instead, it is Finlandâs cultural and business environments that appear to drive its cybercrime ranking. Part IV suggests reforms to shift a countryâs culture to make it less prone to corruption. However, changing a culture takes time so Part IV also proposes a private law scheme in which intermediaries are unable to wave the âflag of immunity,â as they do now. The guiding philosophy for this proposal is that harmed parties should be permitted to recover damages directly from âbadâ intermediaries
UK security breach investigations report: an analysis of data compromise cases
This report, rather than relying on questionnaires and self-reporting, concerns cases that were investigated by the forensic investigation team at 7Safe. Whilst removing any inaccuracies arising from self-reporting, the authors acknowledge that the limitation of the sample size remains. It is hoped that the unbiased reporting by independent investigators has yielded interesting facts about modern security breaches. All data in this study is based on genuine completed breach investigations conducted by the compromise investigation team over the last 18 months
Underground web: the cybercrime challenge
The two papers in this Special Report examine the central role that cybercrime plays in modern society and how technological developments create new opportunities for criminals to exploit.
Overview
Calum Jeffrayâs paper, Caught in the net: the law enforcement response to international cybercrime, surveys the strategic cybercrime landscape and illustrates that, despite calls for law enforcement to âdo moreâ to prevent and investigate cybercrime, the agencies involved are often hampered in acting due to jurisdictional issues or the complexity of the investigations.
Tobias Feakinâs paper, Cryptomarketsâillicit goods in the darknet, examines the emergence of the âdarknetâ, where trading in illicit goods and services in online black markets has become increasingly commonplace and exacerbates the problems that law enforcement already facesâtracing and prosecuting illegal activities online.
This Special Report includes a foreword by Australian Federal Police Commissioner Andrew Colvin
Conceptualizing human resilience in the face of the global epidemiology of cyber attacks
Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Illicit crypto-mining leverages resources stolen from victims to mine
cryptocurrencies on behalf of criminals. While recent works have analyzed one
side of this threat, i.e.: web-browser cryptojacking, only commercial reports
have partially covered binary-based crypto-mining malware. In this paper, we
conduct the largest measurement of crypto-mining malware to date, analyzing
approximately 4.5 million malware samples (1.2 million malicious miners), over
a period of twelve years from 2007 to 2019. Our analysis pipeline applies both
static and dynamic analysis to extract information from the samples, such as
wallet identifiers and mining pools. Together with OSINT data, this information
is used to group samples into campaigns. We then analyze publicly-available
payments sent to the wallets from mining-pools as a reward for mining, and
estimate profits for the different campaigns. All this together is is done in a
fully automated fashion, which enables us to leverage measurement-based
findings of illicit crypto-mining at scale. Our profit analysis reveals
campaigns with multi-million earnings, associating over 4.4% of Monero with
illicit mining. We analyze the infrastructure related with the different
campaigns, showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also uncover novel
techniques that allow criminals to run successful campaigns.Comment: A shorter version of this paper appears in the Proceedings of 19th
ACM Internet Measurement Conference (IMC 2019). This is the full versio
A shared agenda for the Seoul Conference on Cyberspace, South Korea, 2013
This briefing is ASPIâs distillation of the thoughts of a group of prominent members of the Australian cybersecurity community. We held a workshop in Canberra on the key panel sessions that will take place at the Seoul Conference on Cyberspace, South Korea, in October 2013.
Workshop participants included the Australian Government departments with a stake in cyber issues and members of the private sector, including the banking and IT sectors, defence and security industries and representatives from the wider business community. The aim of the workshop was to provide creative Australian perspectives to take to the Seoul conference
- âŠ