2020 APWG Symposium on Electronic Crime Research (eCrime): Latest Papers

Beneath the radar: Exploring the economics of business fraud via underground markets
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493263
C. Gañán, U. Akyazi, E. Tsvetkova
Abstract: Underground marketplaces have emerged as a common channel for criminals to offer their products and services. A portion of these product comprises the illegal trading of consumer products such as vouchers, coupons, and loyalty program accounts that are later used to commit business fraud. Despite its well-known existence, the impact of this type of business fraud has not been analyzed in depth before. By leveraging longitudinal data from 8 major underground markets from 2011–2017, we identify, classify and quantify different types of business fraud to then analyze the characteristics of the companies who suffered from them. Moreover, we investigate factors that influence the impact of business fraud on these companies. Our models show that cybercriminals prefer selling products of well-established companies, while smaller companies appear to suffer higher revenue losses. Stolen accounts are the most transacted items, while pirated software together with loyalty programs create the heaviest revenue losses. The estimated criminal revenues are relatively low, at under $600 000 in total for the whole period; but the total estimated revenue losses are up to $7.5 millions.
Citations: 1
Analysis of Darknet Market Activity as a Country-Specific, Socio-Economic and Technological Phenomenon
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493259
Anela Sutanrikulu, Sandra Czajkowska, Jens Grossklags
Abstract: The technological peculiarities of the Darknet as well as the availability of illicit items on the embedded market-places have raised heated debates in the media and keen interest by law enforcement and academics. In prior work, researchers have already investigated the infrastructure of Darknet platforms and the global distribution of Darknet market activity. In our work, we take a broader perspective by studying the Darknet as a regional, socio-economic and technological phenomenon. Our starting assumption is that there exist cross-country indicators that are related to Darknet market activity. We identify relevant indicators, and discuss their relationship to cybercrime from a theoretical perspective. We apply regression modelling and conduct a qualitative comparative analysis (QCA) to study the impact of the identified indicators on the number of items offered on the Darknet. We find that GDP per capita, the number of Bitcoin downloads per capita, the number of Tor relay users per capita and an education index correlate with market activity on Darknet platforms.
Citations: 5
Patterns of online repeat victimisation and implications for crime prevention
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493258
S. Correia
Abstract: This paper explores the characteristics of repeat victimisation (RV) in relation to fraud and computer misuse (F&CM) crimes recorded in Wales, United Kingdom (UK). The wider study included mixed-methods analysis of a sample of cases (n = 10,001) reported by individuals in Wales, over a period of two years (ending in September 2016). In this paper, key results from the quantitative part of this study concerning RV are presented. This paper contributes to an empirically grounded understanding RV with respect to F&CM and its insights are of direct relevance to theoretical understandings of victimisation and the formulation of interventions within the ‘Protect’ strand of policing in the UK. It suggests that older age is associated with RV for these crime types, that a repeat report is likely to be of the same general type as the crime which preceded it and that interventions to protect individuals from being re-victimised are best targeted within two weeks to one month of the first report. The paper also highlights the extent to which RV analysis is constrained by the rules which shape crime recording and identifies avenues for improvement of data collection and further research. Furthermore, it suggests the need to develop a framework of F&CM vulnerability which goes beyond risk of re-victimisation and better accounts for and enables a response to victims’ wider support needs.
Citations: 5
When will my PLC support Mirai? The security economics of large-scale attacks against Internet-connected ICS devices
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493257
Michael Dodson, A. Beresford, Daniel R. Thomas
Abstract: For nearly a decade, security researchers have highlighted the grave risk presented by Internet-connected Industrial Control Systems (ICS). Predictions of targeted and indiscriminate attacks have yet to materialise despite continued growth of a vulnerable population of devices. We investigate the missing attacks against ICS, focusing on large-scale attacks enabled by Internet-connected populations. We fingerprint and track more than 10 000 devices over four years to confirm that the population is growing, continuously-connected, and unpatched. We also track 150 000 botnet hosts, monitor 120 global ICS honeypots, and sift 70 million underground forum posts to show that the cybercrime community has little competence or interest in the ICS domain. Attackers may be dissuaded by the high cost of entry, the fragmented ICS population, and limited onboard resources; however, this justification is incomplete. We use a series of case studies to develop a security economics model for large-scale attacks against Internet-connected populations in general, and use it to explain both the current lack of interest in ICS and the features of Industry 4.0 that will make the domain more accessible and attractive to attackers.
Citations: 4
WordyThief: A Malicious Spammer
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493261
Renée Burton, V. Tymchenko, Nicholas Sundvall, Minh Hoang, J. Mozley, M. Josten
Abstract: We detail the tradecraft used to discover and exploit a prolific Russian-affiliated malicious spam actor. To the best of our knowledge, this paper is the first description of the actor, whom we call WordyThief, and the first publication demonstrating the application of graph techniques to the identification of malicious spam campaigns. This work contributes to the threat intelligence community both as a technique that can be utilized in daily practice, and as a thorough account of WordyThief, who continues to spread malware in October 2020. We initially discovered isolated malware campaigns using large-scale bipartite graphs created from email metadata. These graphs and related campaign specifics revealed the use of domain names within the spammer’s infrastructure devised through dictionary domain generation algorithms (DDGAs). Using a second graph-based technique and time series analysis, we recovered the underlying dictionaries and temporal behavior of the actor. A retrospective review of spam collection and correlation with other Domain Name System (DNS) information led us to conclude that the campaigns were all the work of a single actor. We tracked their activity and substantiated our methods retrospectively, through December 2019. We also leveraged open source intelligence (OSINT) to verify our findings. We found that WordyThief operates a large spam infrastructure and distributes malware that steals personal and financial information from victims. This paper includes not only the scientific methods used to detect the actor, but also detailed descriptions and analyses of several elements of their tactics, techniques, and procedures (TTP). We include an analysis of the actor’s tendency to use of aged domains, a text analysis of their emails, use of embedded IP tracking in their campaigns, harvesting of open source images, and an exposition of their evolving exploitation techniques.
Citations: 0
eCrime 2020 Cover Page
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/ecrime51433.2020.9493249
Citations: 0
Phishing With A Darknet: Imitation of Onion Services
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493262
Frederick Barr-Smith, Joss Wright
Abstract: In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other ‘onion services’ as means for phishing, akin to traditional ‘typosquatting’ on the web. This phenomenon occurs due to the complex trust relationships in Tor’s onion services, and particularly the complex webs of trust enabled by darknet markets and similar services. To do so, we built a modular scraper tool to identify networks of maliciously cloned darknet marketplaces; in addition to other characteristics of onion services, in aggregate. The networks of phishing sites identified by this scraper were then subject to clustering and analysis to identify the method of phishing and the networks of ownership across these sites. We present a novel discovery mechanism for sites, means for clustering and analysis of onion service phishing and clone sites, and an analysis of their spectrum of sophistication.
Citations: 7
Ten years of attacks on companies using visual impersonation of domain names
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493251
Geoffrey Simpson, T. Moore, R. Clayton
Abstract: We identify over a quarter of a million domains used by medium and large companies within the .com registry. We find that for around 7% of these companies very similar domain names have been registered with character changes that are intended to be indistinguishable at a casual glance. These domains would be suitable for use in Business Email Compromise frauds. Using historical registration and name server data we identify the timing, rate, and movement of these look-alike domains over a ten year period. This allows us to identify clusters of registrations which are quite clearly malicious and show how the criminals have moved their activity over time in response to countermeasures. Although the malicious activity peaked in 2016, there is still sufficient ongoing activity to cause concern.
Citations: 6
Averages don’t characterise the heavy tails of ransoms
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493256
É. Leverett, E. Jardine, Erin Burns, Ankit Gangwal, Dan Geer
Abstract: The Bitcoin block-chain is the scoreboard of Ransomware. By mining the data in it and within the malware itself, we can understand the distribution of ransoms and characterise ransomware risk. Ransoms follow the power-law distribution in their amounts. The alpha parameter (α) of those power laws suggest they do not have a well defined average for most years in our study. Indeed, there has not been an α above 2 since 2015 and so there has not been a stable ransomware average since that time. The changing α has strong implications for cyber risk management and policy responses to ransomware attacks.
Citations: 1
Scam Pandemic: How Attackers Exploit Public Fear through Phishing
2020 APWG Symposium on Electronic Crime Research (eCrime) Pub Date : 2020-11-16 DOI: 10.1109/eCrime51433.2020.9493260
Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
Abstract: As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users’ increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS certificates, phishing URLs, phishing website source code, phishing emails, web traffic to phishing websites, news articles, and government announcements, we track trends of phishing activity between January and May 2020 and seek to understand the key implications of the underlying trends. We find that phishing attack traffic in March and April 2020 skyrocketed up to 220% of its pre-COVID-19 rate, far exceeding typical seasonal spikes. Attackers exploited victims’ uncertainty and fear related to the pandemic through a variety of highly targeted scams, including emerging scam types against which current defenses are not sufficient as well as traditional phishing which outpaced the ecosystem’s collective response.
Citations: 22