COORDINATE: A model to analyse the benefits and costs of coordinating cybercrime

Recent leaks (such as Conti) have provided greater insights on the working of cybercriminal organisations. Just like any other business, these malicious actors strategically manage their processes in order to maximise their revenues. Coordinating different types of cybercrimes as part of a single attack campaign provides another opportunity to these criminal groups to improve the efficiency of their attacks. To investigate the promise of this “coordination” between cybercrimes in improving the financial gains realised by cybercriminals, we take a two-step approach. First, we perform a bibliometric analysis of past scientific literature discussing the concept of “coordination” w.r.t to cybercrime. Second, as a case study, analysing the attack chains of DDoS, phishing and ransomware attacks, we identify vantage points for potential coordination from an attacker’s perspective. Based on our findings, we propose a model (COORDINATE) to identify the types of potential cybercrime “coordinations”. COORDINATE considers three relevant types of coordination: direct collaborated coordination, indirect collaborated coordination, and opportunistic coordination. Given the advantages of coordinated attacks, our results suggest that one crime may provide opportunities for the next one. Coordinated attacks will become more prevalent, and that we may witness the development of a dynamic that leads to more online crime.