advertise publicly trade privately analysing the
play

Advertise publicly, trade privately? Analysing the - PowerPoint PPT Presentation

Oct 02, 2022 •24 likes •314 views

Advertise publicly, trade privately? Analysing the Cybercrime-as-a-Service (CaaS) Offerings in Underground Forums Dr. Ugur Akyazi PostDoc Researcher Cyber Security Group - TPM Technical University of Delft 1 2 3 as-a-service model 4

  1. Advertise publicly, trade privately? Analysing the Cybercrime-as-a-Service (CaaS) Offerings in Underground Forums Dr. Ugur Akyazi PostDoc Researcher Cyber Security Group - TPM Technical University of Delft 1

  2. 2

  3. 3

  4. ‘as-a-service’ model 4

  5. What CaaS provides? 1. Makes cybercrime easily accessible to novice criminals with limited technical skills 2. Enables specialization, commercialization and cooperation for advanced cyber criminals “CaaS is a blackbox : The attacker can purchase the desired “service” through the dark/surface web without a detailed understanding of what is involved in its execution.” 5

  6. Marketing shift to Forums ▪ Similar resources also tell that cybercriminals have increasingly taken to using specialist sites and forums to advertise their services, before conducting transactions on private communication channels like Telegram, Discord, Skype, Jabber, or IRC. ▪ This marketing shift is claimed to be a result of the loss of trust to darknet marketplaces after the seizure or closure of the underground markets (Alphabay, Hansa, Dream, Wall Street). 6

  7. 7

  8. Two of the big dark web marketplaces have been taken down in simultaneous global operations, supported by Europol: the Wall Street Market and the Silkkitie (known as the Valhalla Marketplace), 3 May 2019 8

  9. To combat cybercrimes in an effective way, we not only need to develop technical solutions to protect against attacks but also need to understand the business structure of underground cybercrime and its development . 9

  10. ▪ Which parts of cybercrime value chains are successfully commoditized and which are not? ▪ What kind of revenue do these criminal business-to-business services generate and how fast are they growing? 10

  11. In our previous paper : ▪ Analyzed the dataset of Soska and Christin (2015) on seven prominent online anonymous marketplaces (2011-2015) and AlphaBay (2014-2017). ▪ Implemented a Support Vector Machine (SVM) classifier to predict ten B2B and seven B2C product classes. 11

  12. 12

  13. Take-aways ▪ There is evidence of commoditization, but outsourcing options are restricted and transaction volume is often modest.  partial fulfillment of cybercriminal demand ▪ The scarcity of supply suggests potentially vulnerable components in criminal value chains. These choke points might be targeted by interventions to raise the transaction costs. 13

  14. Research questions (work in progress) ▪ Which CaaS crimewares are demanded and supplied in underground forums? What is the volume and diversity of these advertisements and ratio of them to non-CaaS ones? ▪ How do the real CaaS transactions happen? Via the links to external trading platforms or private communication channels? 14

  15. Methodology 1. Conceptualize the framework of CaaS ecosystem within the cybercrime value chain model, 2. Compile dataset of underground forums and preprocess the data, 3. Create and annotate the ‘ground-truth’ listings manually iot train and test the ML classifier, 4. Develop the ML classifier (w/o decision rules) to map the cybercrime products/services, buy/sell, contact, external links, 5. Analyze the dynamics of CaaS in the fora. 15

  16. Value Chain Model * Keman Huang, Michael Siegel, and Stuart Madnick. 2018. Systematically Understanding the Cyber Attack Business: A Survey. ACM Computing Surveys. 51, 4, Article 70 (July 2018), 36 pages. https://doi.org/10.1145/3199674 16

  17. Cybercriminal Service Ecosystem Framework 17

  18. 18

  19. More CaaS ▪ CAPTCHA solvers ▪ Phone/SMS verification ▪ Password cracking ▪ E-whoring ▪ Networking and hosting  Proxies  Remote Desktop Protocol (RDP) service 19

  20. CrimeBB Dataset of Cambridge Cybercrime Centre 20

  21. 21

  22. • “All the trades on Hack Forums should be made in the Marketplace section, regardless of content. • A seven-day posting ban and a warning is the penalty for posting marketplace threads outside of the Market tab.” 22

  23. Data preparation posts in ‘Marketplace’ section = 9,795,204 • First post of each thread is a supply/demand offering • = 1,104,046 Random ‘ground-truth’ items ≈ 1% = 10,000 • Labelling manually • 23

  24. Types of CaaS offerings 1. Renting the infrastructure or/and the platform, 2. Selling the service of committing the crime, 3. Selling the product but continuing to provide some required services remotely after sale, 4. Selling the product but giving customer support when necessary, …others are not CaaS but only products. 24

  25. • Product/service category • Buy/sell or other • Contact • External trading link 25

  26. So far.. Products: RAT, currency exchange, account, game • account, game utility, cryptominer, malware As-a-services: phone verification, reputation • escalation, hacker, obfuscation, password cracking, DDoS, exploit, e-whoring, money laundering, RDP Other • 26

  27. 27

  28. Conclusion to better understand the risks to businesses and • consumers, to support designing better disruption strategies • against cybercrime business models, We aim to disclose how cybercriminals are adapting to new trading and communication processes. 28

  29. Questions? u.akyazi@tudelft.nl

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Father- IS LOVE Son and Spirit- As we privately and publicly grow closer to the Father,

The Father- IS LOVE Son and Spirit- As we privately and publicly grow closer to the Father,

A description of Who is behind Real relationships and how we particiate! The Father- IS LOVE Son and Spirit- As we privately and publicly grow closer to the Father, through Jesus, and in the Spirit, we grow closer to each other! The

212 views • 18 slides
Outline Introduction Background Progress on the implementation of the MTSF

Outline Introduction Background Progress on the implementation of the MTSF

Outline Introduction Background Progress on the implementation of the MTSF Analysing the Programme of Action Report Analysing the 2014 2019 MTSFs Analysing the performance management system of government Analysing

946 views • 18 slides
Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Idaho Section Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation

406 views • 22 slides
Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS

Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS

CS 270 Algorithms Oliver Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS Analysing BFS Dags and 1 topological sorting Detecting Depth-first search 2 cycles Analysing DFS 3 Dags and topological

482 views • 23 slides
Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media

Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media

The Second KYOTO Workshop, Gifu, Japan, 26 January 2011 1 Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media reports to support users in their daily work Ralf Steinberger & the JRCs OPTIMA

319 views • 28 slides
Marketing and CS 2. Where to advertise? TV, radio, newspaper, magazine, internet, 3. Who

Marketing and CS 2. Where to advertise? TV, radio, newspaper, magazine, internet, 3. Who

Enticing you to buy a product 1. What is the content of the ad? Marketing and CS 2. Where to advertise? TV, radio, newspaper, magazine, internet, 3. Who is the target audience/customers? Philip Chan Which question is the most

422 views • 14 slides
Analysing Kauffman Boolean Networks PAVEL EMELYANOV Institute of Informatics Systems and

Analysing Kauffman Boolean Networks PAVEL EMELYANOV Institute of Informatics Systems and

Analysing Kauffman Boolean Networks Analysing Kauffman Boolean Networks PAVEL EMELYANOV Institute of Informatics Systems and Novosibirsk State University May 31, 2016 Analysing Kauffman Boolean Networks Plan 1 Introduction 2 Problem

1.14k views • 46 slides
WALLET PSYCHOLOGY CONSUMER BEHAVIOUR AND CLIENT FOCUSED TARGETING IF YOU ARE GOING TO ADVERTISE AT

WALLET PSYCHOLOGY CONSUMER BEHAVIOUR AND CLIENT FOCUSED TARGETING IF YOU ARE GOING TO ADVERTISE AT

WALLET PSYCHOLOGY CONSUMER BEHAVIOUR AND CLIENT FOCUSED TARGETING IF YOU ARE GOING TO ADVERTISE AT ALL, MAKE SURE THAT IT IS NOT MONEY DOWN THE DRAIN, CHOOSE WISELY HOW YOU SPEND YOUR MONEY! TRADITIONAL ADVERTISING TV Print Big budget bang

423 views • 27 slides
Everyone leaves . . . Nationally . . . 2009 US Census: 94,875 youth under the age of 21 in

Everyone leaves . . . Nationally . . . 2009 US Census: 94,875 youth under the age of 21 in

Transition & Reintegration Everyone leaves . . . Nationally . . . 2009 US Census: 94,875 youth under the age of 21 in 3,257 publicly and privately owned institutions. (2009 US Census; Tannis, 2014; Read & OCummings, 2011; Snyder

368 views • 12 slides
Jersey Advertisement Pitch By Alex, Ethan and Charles AIM OF THE ADVERT. Advertise Jersey to

Jersey Advertisement Pitch By Alex, Ethan and Charles AIM OF THE ADVERT. Advertise Jersey to

Jersey Advertisement Pitch By Alex, Ethan and Charles AIM OF THE ADVERT. Advertise Jersey to Young Adults with a Low Budget. Show Jersey as a good place for a Holiday. How It Speaks To The Audience Different Activities Tamba Arcade

702 views • 21 slides
Using Groove for analysing RPGame models Model Driven Engineering Brent van Bladel University of

Using Groove for analysing RPGame models Model Driven Engineering Brent van Bladel University of

Using Groove for analysing RPGame models Using Groove for analysing RPGame models Model Driven Engineering Brent van Bladel University of Antwerp 22 January 2015 Using Groove for analysing RPGame models Overview Type graph Transformation

359 views • 25 slides
Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring?

Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring?

Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring? Monitoring hints at an incident (what is happening) Analysing is the actual hard work (why is it happening) Technology BumbleBee has been

604 views • 12 slides
Why Do Businesses Advertise? To increase sales! Selling digital signage is solving a problem for

Why Do Businesses Advertise? To increase sales! Selling digital signage is solving a problem for

Why Do Businesses Advertise? To increase sales! Selling digital signage is solving a problem for your customer Television & Radio FACT: 48.1% of all homes in Satellite radio America have at least 1 DVR. iTunes and MP3 players

196 views • 7 slides
Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory

Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory

Analysing Object-Capability Security 01 Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory Analysing Object-Capability Security 02 Cooperation and Vulnerability Much of the power and utility of modern

542 views • 50 slides
In Maries Steps by SUMUS 5 Problem Definition Advertise the movie: Maries Leben by Rolf

In Maries Steps by SUMUS 5 Problem Definition Advertise the movie: Maries Leben by Rolf

In Maries Steps by SUMUS 5 Problem Definition Advertise the movie: Maries Leben by Rolf Kasteleiner Create a pop up installation that is both visually appealing, modern and establishes a direct connection to the movie Entice people to

472 views • 15 slides
ONPAR golf advertising ONPAR golf advertising WHY ADVERTISE TO CONSUMERS AND BUSINESS OWNERS

ONPAR golf advertising ONPAR golf advertising WHY ADVERTISE TO CONSUMERS AND BUSINESS OWNERS

ONPAR golf advertising ONPAR golf advertising WHY ADVERTISE TO CONSUMERS AND BUSINESS OWNERS WHO PLAY GOLF? Engaged community that socialise together and influence each other #1 participation 5 million rounds of sport in New Zealand

696 views • 17 slides
Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Thursday 21 September

Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Thursday 21 September

Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Thursday 21 September 2017 Meeting 24 WebEx Agenda Title Lead Time ID 1 Welcome & Introductions Chair 10:00 -10:05 CACM Methodologies, Inc. Recent Submission

580 views • 47 slides
The global behaviour of Finsler geodesics. Applications Sorin V. Sabau Tokai University,

The global behaviour of Finsler geodesics. Applications Sorin V. Sabau Tokai University,

The global behaviour of Finsler geodesics. Applications Sorin V. Sabau Tokai University, Sapporo, Japan Sorin V. Sabau The global behaviour of Finsler geodesics. Applications 1. Finsler metrics Definition A Finsler norm, or metric, on a real

1.05k views • 73 slides
Jiazi Yi, Eddy Cizeron, Salima Hamma, Benot Parrein, Pascal Lesage l ECOLE POLYTECHNIQUE

Jiazi Yi, Eddy Cizeron, Salima Hamma, Benot Parrein, Pascal Lesage l ECOLE POLYTECHNIQUE

Jiazi Yi, Eddy Cizeron, Salima Hamma, Benot Parrein, Pascal Lesage l ECOLE POLYTECHNIQUE DE LUNIVERSITE DE NANTES, FRANCE Institut de Recherche en Communications et en Cyberntique de Nantes SE SE curit des RE seaux it d RE AD

318 views • 27 slides
Quantum Gravity: A Brief Review of the Past, a Selective Picture of the Present, a Glimpse of the

Quantum Gravity: A Brief Review of the Past, a Selective Picture of the Present, a Glimpse of the

Quantum Gravity: A Brief Review of the Past, a Selective Picture of the Present, a Glimpse of the Future Daniele Oriti Arnold Sommerfeld Center for Theoretical Physics Munich Center for Mathematical Philosophy LMU-Munich, Germany, EU Conference

1.69k views • 84 slides
Navigate with Covenham Sailability & NAVIGO CASE STUDY Dene Covenham has helped

Navigate with Covenham Sailability & NAVIGO CASE STUDY Dene Covenham has helped

Navigate with Covenham Sailability & NAVIGO CASE STUDY Dene Covenham has helped me learn new skills, meet new people and to get involved with group activities. Group working is not something I was used to but with the help of the

582 views • 8 slides
Woolverstone Project Pontoons different setups Pontoons Welcome Peter Hibberd

Woolverstone Project Pontoons different setups Pontoons Welcome Peter Hibberd

Woolverstone Project Pontoons different setups Pontoons Welcome Peter Hibberd Chief Instructor Woolverstone Project 18 Hansa dinghies 2 RS Ventures 3 Challengers 1 Wheelyboat 1 Sonar Waveney Sailability

581 views • 30 slides
Content CEBC Energy Efficiency Working Group 2019 ESCO Survey Profile of the

Content CEBC Energy Efficiency Working Group 2019 ESCO Survey Profile of the

Clean Energy Business Council 2019 ESCO Survey Mustapha Aanzi, CEBC Energy Efficiency Workgroup, ESCO Subgroup 15 September 2019 1 Content CEBC Energy Efficiency Working Group 2019 ESCO Survey Profile of the ESCOs

679 views • 18 slides
Provocation #1 (by Frank van Harmelen, CIA-ws, Edinburgh, 11 Sep 2006) Ontology research

Provocation #1 (by Frank van Harmelen, CIA-ws, Edinburgh, 11 Sep 2006) Ontology research

Ontology, Scientific Method, and the Research Agenda: Two Provocations and One Argument ! o w T Hans Akkermans & Jaap Gordijn Hans A & Jaap G EKAW-06, Podebrady, CZ, 05 Oct 2006 1 Provocation #1 (by Frank van Harmelen,

334 views • 9 slides

More recommend