The growing of Information and Communication Technologies (ICT) that has been experienced in recent years, has led to new and more sophisticated ways of doing business. Consequently, worldwide organized criminal groups have been able to adapt their activities to new trends in the area of information security. In this paper the problem of cyber-crime as a profitable business and the model Cybercrime-as-a-service (CaaS) are exposed. For this purpose, the ransomware, which is one of the threats that have generated more profit in the last two years, is analyzed. This kind of malware is able to block assets in the victim systems and blackmail their owners with their deletion, if they fail to pay a ransom. In this sense, a game theory model of the behavior of actors involved in a ransomware attack is proposed. The proposed model describes the extortion process between the attacker and victim and estimates the probability of payment of ransom

Barona López, Lorena Isabel

Maestre Vidal, Jorge

Martínez Monterrubio, Sergio Mauricio

Sotelo Monge, Marco Antonio

Valdivieso  Caraguay, Ángel Leonardo

English

Repositorio Institucional Ulima

Document details  98 of 195  Profits at the dawn of cybercrime-as-a-service (Conference Paper)[Ganancias del Cibercrimen como Servicio],  ,  ,  ,  Indra, Digital Lab, Madrid, SpainUniversidad de Lima, PeruDepartamento de Ingeniería Del Software e Inteligencia Artificial, Universidad Complutense de Madrid, SpainAbstractThe growing of Information and Communication Technologies (ICT) that has been experienced in recent years, has ledto new and more sophisticated ways of doing business. Consequently, worldwide organized criminal groups have beenable to adapt their activities to new trends in the area of information security. In this paper the problem of cyber-crimeas a profitable business and the model Cybercrime-as-a-service (CaaS) are exposed. For this purpose, the ransomware,which is one of the threats that have generated more profit in the last two years, is analyzed. This kind of malware isable to block assets in the victim systems and blackmail their owners with their deletion, if they fail to pay a ransom. Inthis sense, a game theory model of the behavior of actors involved in a ransomware attack is proposed. The proposedmodel describes the extortion process between the attacker and victim and estimates the probability of payment ofransom. © 2019 IEEE.Author keywordsCaaS Cibercrimen Malware RansomwareIndexed keywordsEngineeringcontrolled terms:Crime Game theory Information systems Information use ProfitabilityEngineeringuncontrolled termsCaaS Cibercrimen Cyber-crimes Cybercrime Game theory modelsInformation and Communication TechnologiesEngineering mainheading:Malware◅ Back to results ◅ Previous  ▻NextCSV export  Download  Print  E-mail  Save to PDF ⋆ Save to list  ▻More...View at PublisherProceedings - 2019 International Conference on Information Systems and Software Technologies,ICI2ST 2019November 2019, Article number 8940381, Pages 71-781st International Conference on Information Systems and Software Technologies, ICI2ST 2019;Escuela Politecnica NacionalQuito; Ecuador; 13 November 2019 through 15 November 2019;Category numberCFP19V56-ART; Code 156415Vidal, J.M.a  Monge, M.A.S.b  Monterrubio, S.M.M.c  Lopez, L.I.B.d  Caraguay, A.L.V.d   Save all to author listabc  View additional affiliations View references (28)ISBN: 978-172814886-1Source Type: Conference ProceedingOriginal language: SpanishDOI: 10.1109/ICI2ST.2019.00017Document Type: Conference PaperVolume Editors: Hallo M.,Molina M.,Valdivieso L.Publisher: Institute of Electrical and Electronics Engineers Inc.PlumX MetricsUsage, Captures, Mentions,Social Media and Citationsbeyond Scopus.Metrics Cited by 0 documentsInform me when this documentis cited in Scopus: Related documents,  ,(2019) RISTI - Revista Iberica deSistemas e Tecnologias deInformacao,  ,(2019) Remote Sensing,  ,(2019) RISTI - Revista Iberica deSistemas e Tecnologias deInformacao Find more related documents inScopus based on:❓  ▻View all metricsSet citation alert ▻ ▻Set citation feedRansomware dataset based ondynamic analysis | Dataset deRansomware basado en análisisdinámico Herrera Silva, J.A. Veloz, F.D.B.López, L.I.B.A survey on situational awarenessof ransomware attacks-detectionand prevention parameters Silva, J.A.H. López, L.I.B.Caraguay, Á.L.V.Key indicators in ransomwaredetection | Indicadores para ladetección de ataquesransomware Veloz, F.D.B. López, L.I.B.Caraguay, Á.L.V.View all related documents basedon references ▻Authors  ▻Keywords FRSearch Sources Lists  ↗SciValReferences (28)An, J., Kim, H.-W. (Open Access)(2018) IEEE Access, 6, pp. 26636-26652.  .doi: 10.1109/ACCESS.2018.2831667Enbody, R., Sood, A.K., Bajpai, P.(2018) eCrime Researchers Summit, eCrime, 2018-May, pp. 1-12.  .ISBN: 978-153864922-0doi: 10.1109/ECRIME.2018.8376213Cleary, G., Cox, O., Lau, H., Nahorney, B., Gorman, B., O'Brien, D., Wallace, S., (...), Wueest, C.(2018) Internet Security Threat Report Symantec, p. 8089. Conti, M., Gangwal, A., Ruj, S.(2018) Computers and Security, 79, pp. 162-189.  .doi: 10.1016/j.cose.2018.08.008(2014) Police Ransomware Threat Assessment 2014.  . Goode, L.(2015) Popular Communication, 13 (1), pp. 74-86.  .doi: 10.1080/15405702.2014.978000Hernandez-Castro, J., Cartwright, E., Stepanova, A.(2017) Economic Analysis of Ransomware.  . Silva, J.A.H., López, L.I.B., Caraguay, Á.L.V., Hernández-álvarez, M. (Open Access)(2019) Remote Sensing, 11 (10), art. no. 1168.  .doi: 10.3390/rs11101168 ▻View in search results format     All CSV export   Print  E-mail  Save to PDF Create bibliography1A Data Analytics Approach to the Cybercrime Underground EconomyCited 6 timeshttp://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639View at Publisher2A key-management-based taxonomy for ransomwareCited 6 timeshttp://ieeexplore.ieee.org/xpl/conferences.jspView at Publisher34On the economic significance of ransomware campaigns: A Bitcoin transactionsperspectiveCited 13 timesView at Publisher5 Cited 2 timesEuropol6Anonymous and the Political Ethos of HacktivismCited 15 timeshttp://www.tandfonline.com/toc/hppc20/currentView at Publisher7Cited 10 timeshttp://dx.doi.org/10.2139/ssrn.29376418A survey on situational awareness of ransomware attacks-detection and preventionparametersCited 3 timeshttps://res.mdpi.com/remotesensing/remotesensing-11-01168/article_deploy/remotesensing-11-01168.pdf?filename=&attachment=1View at PublisherHuang, K., Siegel, M., Madnick, S. (Open Access)(2018) ACM Computing Surveys, 51 (4), art. no. 3199674.  .doi: 10.1145/3199674Kim, D.W., Yan, P., Zhang, J.(2015) Computers and Security, 49, pp. 95-106.  .doi: 10.1016/j.cose.2014.11.008Kolodenker, E., Koch, W., Stringhini, G., Egele, M.(2017) ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and CommunicationsSecurity, pp. 599-611.  .ISBN: 978-145034944-4doi: 10.1145/3052973.3053035Kshetri, N.(2013) Crime, Law and Social Change, 60 (1), pp. 39-65.  .doi: 10.1007/s10611-013-9431-4Manky, D.(2013) Computer Fraud and Security, 2013 (6), pp. 9-13.  .doi: 10.1016/S1361-3723(13)70053-8(2017) The Economic Impact of Cybercrime No Slowing Down, McAfee White Paper Me, G., Pesticcio, L.(2018) Advanced Sciences and Technologies for Security Applications, pp. 119-140.doi: 10.1007/978-3-319-97181-0_6Naqvi, S.Challenges of cryptocurrencies forensics: A case study of investigating, evidencing and prosecutingorganised cybercriminals(2018) Proceedings of the 13th International Conference on Availability, Reliability and SecurityACM, New York, NY, USA, 1-5 August 9Systematically understanding the cyber attack business: A surveyCited 6 timeshttp://dl.acm.org/citation.cfm?id=J204View at Publisher10Detecting fake anti-virus software distribution webpagesCited 12 timesView at Publisher11PayBreak : Defense against cryptographic ransomwareCited 52 timesView at Publisher12Cybercrimes in the Former Soviet Union and Central and Eastern Europe: Currentstatus and key driversCited 13 timesView at Publisher13Cybercrime as a service: A very modern businessCited 15 timesView at Publisher14McAfee15Tor black markets: Economics, characterization and investigation techniquehttps://link.springer.com/bookseries/5540View at Publisher16Ben Naseir, M.A., Dogan, H., Apeh, E., Richardson, C., Ali, R.(2019) Advances in Intelligent Systems and Computing, 930, pp. 373-382.ISBN: 978-303016180-4doi: 10.1007/978-3-030-16181-1_35Phelps, A., Watt, A.(2014) Digital Investigation, 11 (4), pp. 261-272.  .doi: 10.1016/j.diin.2014.08.001Ring, T.(2014) Computer Fraud and Security, 2014 (2), pp. 16-20.  .doi: 10.1016/S1361-3723(14)70463-4Schirrmacher, N.B., Ondrus, J., Tan, F.T.C.Towards a response to ransomware: Examining digital capabilities of the wannacry attack(2018) Proceedings of Pacific Asia Conference on Information Systems, pp. 1-9.  .Yokohama, Japan, June Schrittwieser, S., Katzenbeisser, S., Kieseberg, P., Huber, M., Leithner, M., Mulazzani, M., Weippl, E.(2014) Computers and Security, 42, pp. 13-26.  .doi: 10.1016/j.cose.2013.12.006Snader, R., Borisov, N.(2011) IEEE Transactions on Dependable and Secure Computing, 8 (5), art. no. 5560675, pp. 728-741. .doi: 10.1109/TDSC.2010.40Sood, A.K., Enbody, R.J.(2013) International Journal of Critical Infrastructure Protection, 6 (1), pp. 28-38.  .doi: 10.1016/j.ijcip.2013.01.00217Contextualising the National Cyber Security Capacity in an Unstable Environment: ASpring Land Case Studyhttp://www.springer.com/series/11156View at Publisher18I shop online - Recreationally! Internet anonymity and Silk Road enabling drug use inAustraliaCited 18 timeshttp://www.elsevier.com/wps/find/journaldescription.cws_home/702130/description#descriptionView at Publisher19Why bug hunters are coming in from the wildCited 3 timesView at Publisher20Cited 3 times21Covert Computation - Hiding code in code through compile-time obfuscationCited 7 timesView at Publisher22Improving security and performance in the tor network through tunable pathselectionCited20 timesView at Publisher23Crimeware-as-a-service-A survey of commoditized crimeware in the undergroundmarketCited 40 timesView at Publisher  98 of 195  Wainwright, P., Kettani, H.(2019) ACM International Conference Proceeding Series, pp. 116-121.ISBN: 978-145036634-2doi: 10.1145/3314545.3314562Young, Adam, Yung, Moti(1996) Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 129-140.  .Monika, Zavarsky, P., Lindskog, D. (Open Access)(2016) Procedia Computer Science, 94, pp. 465-472.  .doi: 10.1016/j.procs.2016.08.072(2013) Security Watch: The Crimeware-As-A-Service RealitySunday Business Post, N/a Dupont, B.(2017) Crime, Law and Social Change, 67 (1), pp. 97-116.  .doi: 10.1007/s10611-016-9649-z© Copyright 2020 Elsevier B.V., All rights reserved.24An analysis of botnet modelshttp://portal.acm.org/View at Publisher25Cryptovirology: extortion-based security threats and countermeasuresCited 77 timesView at Publisher26Experimental Analysis of Ransomware on Windows and Android Platforms: Evolutionand CharacterizationCited 25 timeshttp://www.sciencedirect.com/science/journal/18770509View at Publisher2728Bots, cops, and corporations: on the limits of enforcement and the promise ofpolycentric regulation as a way to control large-scale cybercrimeCited 16 timeshttp://www.kluweronline.com/issn/0925-4994View at Publisher◅ Back to results ◅ Previous  ▻Next  Top of pageAbout ScopusWhat is ScopusContent coverageScopus blogScopus APIPrivacy mattersLanguage⽇本語に切り替える切换到简体中文切換到繁體中文Русский языкCustomer ServiceHelpContact us Copyright © . All rights reserved. Scopus® is a registered trademark of Elsevier B.V.We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the.↗Terms and conditions ↗Privacy policy ↗Elsevier B.V use of cookies 

Profits at the dawn of cybercrime-as-a-service

https://repositorio.ulima.edu.pe/bitstream/20.500.12724/10150/1/Abstract_References.pdf

Profits at the dawn of cybercrime-as-a-service

Abstract

Similar works

Full text

Available Versions

Repositorio Institucional Ulima