Advertisement

Cybercrime-as-a-Service Operations

Reference work entry

Abstract

This chapter explores the cybercrime-as-a-service operations that have changed the cybercrime marketplace from a direct sales model to a managed service model. As cybercrime evolved, so did the motivation and skill of the hackers. What began as a highly skilled activity undertaken by individuals driven by curiosity and research grew to a horde of lightly trained yet motivated young people looking for notoriety and/or a quick profit as tools became easier to use and more readily available. As the ability to profit from cybercrime grew exponentially, hackers began to sell their services, and eventually it was more profitable and less risky to sell a packaged cybercrime as a service than commit the crime. The cybercrime-as-a-service operations now involve many types of cybercrime including botnets, distributed denial of service attacks (DDoS), credit card fraud, malware, spam, and phishing attacks. The services are sold through hacker forums, direct web sales, and on the dark web using cryptocurrency. The world’s law enforcement agencies have recognized the threat of cybercrime-as-a-service operations, and there have been recent high-profile arrests of the operators and takedowns of the cybercrime-as-a-service operations.

Keywords

Cybercrime as a service Botnets DDos Fraud Economy Dark web 

References

  1. Alhomoud, A., Awan, I., Disso, J., & Younas, M. (2013). A next-generation approach to combating botnets. Computer, 46(4), 62–66. Retrieved from http://doi.ieeecomputersociety.org/10.1109/MC.2013.67.CrossRefGoogle Scholar
  2. Alnabulsi, H., & Islam, R. (2018). Identification of illegal forum activities inside the dark net. In 2018 international conference on machine learning and data engineering (iCMLDE).  https://doi.org/10.1109/iCMLDE.2018.00015.
  3. Arbor Networks. (2015, January). Arbor networks 10th annual worldwide infrastructure security report finds 50X increase in DDoS attack size in past decade. Press Release. Retrieved from http://www.arbornetworks.com/arbor-networks-10th-annual-worldwide-infrastructure-security-report-finds-50x-increase-in-ddos-attack-size-in-past-decade
  4. Arghire, I. (2017a). Poison Ivy RAT campaign leverges new delivery techniques. Security Week. Retrieved from https://www.securityweek.com/poison-ivy-rat-campaign-leverages-new-delivery-techniques
  5. Arghire, I. (2017b). Neverquest trojan ceases operations. Security Week. Retrieved from https://www.securityweek.com/neverquest-trojan-ceases-operations
  6. Bacurio, F., & Salvio, J. (2017). A peculiar case of Orcus RAT targeting bitcoin investors. Fortinet.com. Retrieved from https://www.fortinet.com/blog/threat-research/a-peculiar-case-of-orcus-rat-targeting-bitcoin-investors.html
  7. Bedwell, P. (2016). Exploit kits for drive by download attacks. Alienvalut.com. Retrieved from https://www.alienvault.com/blogs/security-essentials/exploit-kits-for-drive-by-download-attacks
  8. Bell, S. (2018). The dark art of malware creation. BullGuard Blog. Retrieved from https://www.bullguard.com/blog/2018/02/the-dark-art-of-malware-creation
  9. Benjamin, V., Li, W., Holt, T., & Chen, H. (2015). Exploring threats and vulnerabilities in hacker web: Forums, IRC and carding shops. In Proceedings of the 2015 IEEE international conference on intelligence and security informatics. Baltimore.  https://doi.org/10.1109/ISI.2015.7165944.
  10. Botsman, R. (2017). How darknet sellers build trust, the Amazon for drug dealing is built around user reviews. Nautilus. Retrieved from http://nautil.us/issue/55/trust/how-darknet-sellers-build-trust
  11. Brison, U. (2015, February). ‘Fullz’, ‘Dumps’, and more: Here’s what hackers are selling on the black market. Venturebeat.com. Retrieved from https://venturebeat.com/2015/02/08/fullz-dumps-and-cvvs-heres-what-hackers-are-selling-on-the-black-market/
  12. Buntz, B. (2017). 8 strategies to transition to a product-as-a-service business model. IoT World Today. Retrieved from https://www.iotworldtoday.com/2017/06/14/8-strategies-transition-product-service-business-model/
  13. Cao, L, & Qiu, X. (2013, July). Defense against botnets: A formal definition and a general framework. In Proceedings of the 2013 IEEE eighth international conference on networking, architecture, and storage, Xi’an, Shaanxi, China, pp. 237–-241. Retrieved from http://doi.ieeecomputersociety.org/10.1109/NAS.2013.37
  14. Cimpanu, C. (2016). You can rent a Mirai botnet of 400,000 bots. Bleeping Computer. Retrieved from https://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
  15. CISA. (2018). Security tip (ST18-004), protecting against malicious code. Cyber and Infrastructure Security Agency. Retrieved from https://www.us-cert.gov/ncas/tips/ST18-271
  16. Computer Fraud and Abuse Act of 1986. (2012). 18 U.S.C. Section 1030. Retrieved from https://www.law.cornell.edu/uscode/text/18/1030
  17. Cooke, E., Jahanian, F., McPherson, D. (2005). The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the steps to reducing unwanted traffic on the internet workshop 2005, Cambridge, MA. Retrieved from https://www.usenix.org/legacy/events/sruti05/tech/full_papers/cooke/cooke.pdf
  18. Cooney, M. (2010). Researchers unsheathe new tool to battle botnets. Network World. Retrieved from https://www.networkworld.com/article/2231293/researchers-unsheathe-new-tool-to-battle-botnets.html
  19. Crozier, R. (2009). Cybercrime-as-a-service takes off. ITNews.com. Retrieved from https://www.itnews.com.au/news/cybercrime-as-a-service-takes-off-139711
  20. Curran, D. (2018). My terrifying deep dive into one of Russia’s largest hacking forums. The Guardian. Retrieved from https://www.theguardian.com/commentisfree/2018/jul/24/darknet-dark-web-hacking-forum-internet-safety.
  21. De Groot, J. (2019). A history of ransomware attacks: The biggest and worst ransomware attacks of all time. Data Guardian. Retrieved from https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time
  22. Dhanjani, N., & Rios, B. (2008). Bad sushi: Beating phishers at their own game. Presented at the Annual Blackhat Meetings, Las Vegas, Nevada.Google Scholar
  23. Dittrich, D. (2012). So you want to take over a botnet. In Proceedings of the 5th USENIX workshop on large-scale exploits and emergent threats, LEET ‘12. San Jose. Retrieved from https://www.usenix.org/system/files/conference/leet12/leet12-final23.pdf
  24. DOJ. (2018a). Akron man arrested and charged for launching denial of service attacks that shut down web sites for city of Akron and Akron Police Department. DOJ. [Press Release]. Retrieved from https://www.justice.gov/usao-ndoh/pr/akron-man-arrested-and-charged-launching-denial-service-attacks-shut-down-web-sites
  25. DOJ. (2018b). Latvian national pleads guilty to “Scareware” hacking scheme that targeted Minneapolis star tribune website. DOJ. [Press Release]. Retrieved from https://www.justice.gov/opa/pr/latvian-national-pleads-guilty-scareware-hacking-scheme-targeted-minneapolis-star-tribune
  26. Du, P., Zhang, N., Ebrahimi, M., Samtani, S., Lazarine, B., Arnold, N., Dunn, R., Suntwal, S., Angeles, G., Schweitzer, R., & Chen, H. (2018). Identifying, collecting, and presenting hacker community data: Forums, IRC, carding shops, and DNMs. 2018 IEEE international conference on intelligence and security informatics (ISI).  https://doi.org/10.1109/ISI.2018.8587327.
  27. Egan, M. (2019). What is the dark web & how to access it. Tech Advisor. Retrieved from https://www.techadvisor.co.uk/how-to/internet/dark-web-3593569/
  28. Europol. (2017). Five arrested for spreading ransomware throughout Europe and US. Europol. [Press Release]. Retrieved from https://www.europol.europa.eu/newsroom/news/five-arrested-for-spreading-ransomware-throughout-europe-and-us
  29. Europol. (2018). World’s biggest marketplace selling Internet paralyzing DDOS attacks taken down. Europol. [Press Release]. Retrieved from https://www.europol.europa.eu/newsroom/news/world’s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-do
  30. FBI. (2017). Darknet takedown authorities shutter online criminal market AlphaBay. FBI.gov. Retrieved from https://www.fbi.gov/news/stories/alphabay-takedown
  31. Fireeye. (2014). Poison Ivy: Assessing damage and extracting intelligence. Fireeye. Retrieved from https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf
  32. Franklin, J., Paxson, V., Perrig, A., & Savage, S. (2007). An inquiry into the nature and cause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, 2007 in Alexandria, VA.Google Scholar
  33. Fruhlinger, J. (2018). What is ransomware? How these attacks work and how to recover from them. CSO Online. Retrieved from https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html
  34. Fruhlinger, J. (2019). What is phishing? How this cyber attack works and how to prevent it. CSO Online. Retrieved from https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html
  35. F-Secure. (2018). SPAM is still choice of online criminals, 40 years later. F-Secure. Retrieved fromhttps://press.f-secure.com/2018/07/31/spam-is-still-the-choice-of-online-criminals-40-years-later/
  36. FTC. (2019). Malware. Federal Trade Commission. Retrieved from https://www.consumer.ftc.gov/articles/0011-malware
  37. Grebennikov, N. (2007). Keyloggers: How they work and how to detect them. Kaspersky Lab. Retrieved from https://securelist.com/keyloggers-how-they-work-and-how-to-detect-them-part-1/36138/
  38. Greenberg, A. (2013). End of the silk road: FBI says it’s busted the web’s biggest anonymous drug black market. Forbes. Retrieved from https://www.forbes.com/sites/andygreenberg/2013/10/02/end-of-the-silk-road-fbi-busts-the-webs-biggest-anonymous-drug-black-market/#3581cac65b4f
  39. Greenberg, A. (2018). Operation bayonet: Inside the sting that hijacked an entire dark web drug market. Weird. Retrieved from https://www.wired.com/story/hansa-dutch-police-sting-operation/
  40. Guccione, D. (2019). What is the dark web? How to access it and what you’ll find. CSO Online. Retrieved from https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html
  41. Hahad, M. (2018). Ransomware-as-a-service: Hackers’ big business. Security Magazine. Retrieved from https://www.securitymagazine.com/articles/88786-ransomware-as-a-service-hackers-big-business
  42. Hamandi, K., Salman, A., Elhajj, I., Chehab, A., & Kayssi, A. (2015). Messaging attacks on Android: Vulnerabilities and intrusion detection. Mobile Information Systems, 2015, 1–13.  https://doi.org/10.1155/2015/746930.CrossRefGoogle Scholar
  43. Herley, C., & Florencio, D. (2010). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In T. Moor, D. J. Pym, & C. Ionnidis (Eds.), Economics of information security and privacy (pp. 35–53). New York: Springer.Google Scholar
  44. Holt, T. (2013). Examining the forces shaping cybercrime markets online. Social Science Computer Review, 31, 165–177. Retrieved from https://journals.sagepub.com/stoken/default+domain/H3WiYFUj8TAJJXtbUE9e/full.CrossRefGoogle Scholar
  45. Holt, T. (2014). Understanding the underground economy for stolen data (ACJS Today, November 2014). Greenbelt: Academy of Criminal Justice Sciences. Retrieved from http://www.acjs.org/uploads/file/ACJS_Today_November_2014.pdf.Google Scholar
  46. Holt, T. J., & Lampke, E. (2010). Exploring stolen data markets on-line: Products and market forces. Criminal Justice Studies, 23, 33–50.CrossRefGoogle Scholar
  47. Holt, T. J., Smirnova, O., & Chua, Y.-T. (2016). Exploring and estimating the revenues and profits of participants in stolen data markets. Deviant Behavior, 37(4), 353–367.CrossRefGoogle Scholar
  48. Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the underground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer security-ESCORICS (pp. 1–18). Berlin/Heidelberg: Springer.Google Scholar
  49. Hord, J. (2019). How SMS works. Howstuffworks.com. Retrieved from https://computer.howstuffworks.com/e-mail-messaging/sms.htm
  50. Huang, K., Siegel, M., & Madnick, S. (2017). Cybercrime-as-a-service: Identifying control points to disrupt. Interdisciplinary consortium for improving critical infrastructure cybersecurity, MIT. Retrieved from http://web.mit.edu/smadnick/www/wp/2017-17.pdf
  51. Hutchings, A., & Clayton, R. (2016). Exploring the provision of online booter services. Deviant Behavior, 37, 1163–1178.CrossRefGoogle Scholar
  52. Hyslip, T., & Holt, T. (2019). Assessing the capacity of DDoS-for-hire services in markets. Deviant Behavior.  https://doi.org/10.1080/01639625.2019.1616489
  53. Hyslip, T., & Pittman, J. (2015). A survey of botnet detection techniques by command and control infrastructure. The Journal of Digital Forensics, Security, and Law, 10(1), 7–26.Google Scholar
  54. Imperva. (2019). Botnet DDoS attacks. Imperva.com. Retrieved from https://www.imperva.com/learn/application-security/botnet-ddos/?utm_campaign=Incapsula-moved
  55. Jackson, D. (2007). Gozi Trojan. Secureowrks.com. Retrieved from https://www.secureworks.com/research/gozi
  56. Karami, M., & McCoy, D. (2013). Understanding the emerging threat of DDoS-as-a-Service. In Proceedings of the 6th USENIX workshop on large-scale exploits and emergent threats.Google Scholar
  57. Karami, M., Park, Y., & McCoy, D. (2015). Stress testing the booters: Understanding and undermining the business of DDoS services. WWW2016, 1033–1044.Google Scholar
  58. Kaspersky. (2019). What is a botnet. Kaspersky Lab. Retrieved from https://usa.kaspersky.com/resource-center/threats/botnet-attacks
  59. Kim, E., McDaniel, P., & LaPorta, T. (2013). A detection mechanism for SMS flooding attacks in cellular networks. In Proceedings of the 9th international conference on security and privacy in communication systems. Sydney.Google Scholar
  60. Knote, M., Perdisci, R., & Feamster, N. (2015). ASwatch: An AS reputation system to expose bulletproof hosting ASes. In Proceedings of SIGCOMM 2015. London. Retrieved from https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p625.pdf
  61. Kolias, C., Kambourakis, G., Stabrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80–84.CrossRefGoogle Scholar
  62. Krebs, B. (2010). Body armor for the bad web sites. Krebs on Security. Retrieved from https://krebsonsecurity.com/2010/11/body-armor-for-bad-web-sites/
  63. Krebs, B. (2014). Peek inside a professional carding shop. Krebs on Securty. Retrieved from https://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/
  64. Krebs, B. (2017). Ransomware for dummies: Anyone can do it. Krebsonsecurity.com. Retrieved from https://krebsonsecurity.com/tag/philadelphia-ransomware/
  65. Krebs, B. (2019). Canadian police raid “Orcus RAT” author. KrebsonSecurity.com. Retrieved from https://krebsonsecurity.com/2019/04/canadian-police-raid-orcus-rat-author/
  66. Kwon, K.-N., & Lee, J. (2003). Concerns about payment security of internet purchases: A perspective on current on-line shoppers. Clothing and Textiles Research Journal, 21(4), 174–184.CrossRefGoogle Scholar
  67. Laing, B. (2018). Malware-as-a-service: The 9-to-5 of organized cybercrime. Lastline.com. Retrieved from https://www.lastline.com/blog/malware-as-a-service-the-9-to-5-of-organized-cybercrime/
  68. Lewis, J. (2018). Economic impact of cybercrime – No slowing down. McAfee. Retrieved from https://www.mcafee.com/enterprise/en-us/solutions/lp/economics-cybercrime.html
  69. Lynch, S. (2018). U.S. shuts down cyber crime ring launched by Ukrainian. Reuters. Retrieved from https://www.reuters.com/article/us-usa-cybercrime/u-s-shuts-down-cyber-crime-ring-launched-by-ukrainian-idUSKBN1FR2M7
  70. Manky, D. (2013). Cybercrime as a service: A very modern business. Computer Fraud and Security, 6, 9–13.CrossRefGoogle Scholar
  71. Mark, J. (2019). SMS attacks on the risk in 2019. DFNDR Blog. Retrieved from https://www.psafe.com/en/blog/sms-attacks-on-the-rise-in-2019/
  72. Martindale, J. (2018). From pranks to nuclear sabotage, this is the history of malware. Digitaltrends.com. Retrieved from https://www.digitaltrends.com/computing/history-of-malware/
  73. Mathews, L. (2016). World’s biggest Mirai botnet is being rented out for DDoS attacks. Forebes.com. Retrieved from https://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#79bf817358ad
  74. McAfee. (2013a). What is a “Drive-By” download? McAfee. Retrieved from https://securingtomorrow.mcafee.com/consumer/family-safety/drive-by-download/
  75. McAfee. (2013b). What is a keylogger? McAfee. Retrieved from https://securingtomorrow.mcafee.com/consumer/family-safety/what-is-a-keylogger/
  76. McAfee. (2018). Economic impact of cybercrime – No slowing down. McAfee. Retrieved from https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-economic-impact-cybercrime.pdf
  77. Medium. (2018). Protect your website: How to avoid SMS traffic flooding attacks. Medium.com. Retrieved from https://medium.com/@Alibaba_Cloud/protect-your-website-how-to-avoid-sms-traffic-flooding-attacks-d8d9561dcdeb
  78. Mendoza, M. (2016). The cybercrime business model and its value chain. Welivesecuirty.com. Retrieved from https://www.welivesecurity.com/2016/12/08/cybercrime-business-model-value-chain/
  79. Microsoft. (2018). Exploits and exploit kits. Microsoft.com. Retrieved from https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/exploits-malware
  80. Moreno, M. (2016). Malware as a service: As easy as it gets. WebRoot. Retrieved from https://www.webroot.com/blog/2016/03/31/malware-service-easy-gets/
  81. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., & Voelker, G. M. (2011). An analysis of underground forums. IMC, 11, 71–79.Google Scholar
  82. Mullis, S. (2013). Cybercriminal intent: How to build your own botnet in less than 15 minutes. Fireeye. Retrieved from https://www.fireeye.com/blog/executive-perspective/2013/08/cybercriminal-intent-how-to-build-your-own-botnet-in-less-than-15-minutes.html
  83. NJCCIC. (2017). Poison Ivy. Trojan Variants. Retrieved from https://www.cyber.nj.gov/threat-profiles/trojan-variants/poison-ivy
  84. NJCCIC. (2019). Exploit kits. NJCCIC. Retrieved from https://www.cyber.nj.gov/threat-profiles/exploit-kits/
  85. Noga. (2017). New “dissain” exploit kit may signal reemergence of the popular hacker tool. Intsights.com. Retrieved from https://www.intsights.com/blog/new-disdain-exploit-kit-may-signal-reemergence-of-the-popular-hacker-tool
  86. Norton. (2019a). What is bulletproof hosting. Norton by Symantec. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-what-is-bulletproof-hosting.html
  87. Norton. (2019b). What is malware and how can we prevent it. Norton.com. Retrieved from https://us.norton.com/internetsecurity-malware.html
  88. Oikarinen, J., & Reed, D. (1993). Internet relay chat protocol RFC 1459. Internet Engineering Task Force. Retrieved from http://tools.ietf.org/html/rfc1459.html
  89. Otto, G. (2018). Asia’s hackers are finding a home on the dark web. Cyberscoop. Retrieved from https://www.cyberscoop.com/asia-dark-web-china-hackers-intsights/
  90. Paganini, P. (2013). Cybercrime as a service. Infosec Institute. Retrieved from https://resources.infosecinstitute.com/cybercrime-as-a-service/#gref
  91. Palmer, D. (2016). Phishing-as-a-service is making it easier than ever for hackers to steal your data. ZDNet. Retrieved from https://www.zdnet.com/article/phishing-as-a-service-is-making-it-easier-than-ever-for-hackers-to-steal-data/
  92. Palmer, D. (2017). New dark web scheme lets wannabe cybercriminals get in on ransomware – for free. ZDNet. Retrieved from https://www.zdnet.com/article/new-dark-web-scheme-lets-wannabe-cybercriminals-get-in-on-ransomware-for-free/
  93. Palmer, D. (2018). What is ransomware? Everything you need to know about one of the biggest menaces on the web. ZDNet.com. Retrieved from https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/
  94. Palotay, D. (2017). Ransomware as a Service (RaaS): Deconstructing Philadelphia. Sophos. Retrieved from https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/RaaS-Philadelphia.pdf?la=en
  95. Patterson, D. (2018). Dark web: A cheat sheet for business professionals. TechRepublic. Retrieved from https://www.techrepublic.com/article/dark-web-the-smart-persons-guide/
  96. Proofpoint. (2017). Philadelphia ransomware brings customization to commodity malware. Proofpoint. Retrieved from https://www.proofpoint.com/us/threat-insight/post/philadelphia-ransomware-customization-commodity-malware
  97. Proofpoint. (2018). Proofpoint threat report: Banking Trojans dominate the malware landscape in the first months of 2018. Proofpoint.com. Retrieved from https://www.proofpoint.com/us/threat-insight/post/proofpoint-threat-report-banking-trojans-dominate-malware-landscape-first-months
  98. Rankin, B. (2018). A brief history of malware – Its evolution and impact. Lastline.com. Retrieved from https://www.lastline.com/blog/history-of-malware-its-evolution-and-impact/
  99. Rendell, D. (2019). Understanding Malware. Computer Fraud and Security 2019(1):17–19.  https://doi.org/10.1016/S1361-3723(19)30010-7CrossRefGoogle Scholar
  100. Rossow, C., & Gortz, H. (2014). Amplification hell: Revisiting network protocols for DDoS abuse. In Proceedings of the 2014 Network and Distributed System Security (NDSS) symposium. San Diego. Retrieved from http://www.internetsociety.org/sites/default/files/01_5.pdf
  101. RSA. (2019). Drive-by download. [White paper]. RSA. Retrieved from https://www.rsa.com/content/dam/en/case-study/asoc-drive-by-download.pdf
  102. Rutherford, R. (2018). The changing face of phishing. Computer Fraud and Security, 2018(11), 6–8.  https://doi.org/10.1016/S1361-3723(18)30107-6.CrossRefGoogle Scholar
  103. Schwartz, M. (2017). Rent the latest exploit toolkit for $80 per day. Bank Info Security. Retrieved from https://www.bankinfosecurity.com/rent-latest-exploit-toolkit-for-80-per-day-a-10201
  104. Seals, T. (2018). Bad botnet growth skyrockets in 2017. Insecurity Magazine. Retrieved from https://www.infosecurity-magazine.com/news/bad-botnet-growth-skyrockets-in/
  105. Searchsecurity. (2019). Keylogger (keystroke logger or system monitor). Tech Target. Retrieved from https://searchsecurity.techtarget.com/definition/keylogger
  106. SentinelOne. (2016). What is “bulletproof hosting” and why should you worry? SentinelOne.com. Retrieved from https://www.sentinelone.com/blog/what-is-bulletproof-hosting-and-why-should-you-worry/
  107. SETI. (2019). SETI@Home. Berkeley SETI. Retrieved from https://setiathome.berkeley.edu/
  108. Shapira, Y. (2018). DarkSky Botnet. Radware Blog. Retrieved from https://blog.radware.com/security/2018/02/darksky-botnet/
  109. Sood, A., & Enbody, R. (2013). Crimeware-as-a-service-A survey of commoditized crimeware in the underground market. International Journal of Critical Infrastructure Protection, 6, 28–38.  https://doi.org/10.1016/j.ijcip.2013.01.002.CrossRefGoogle Scholar
  110. Spamhaus. (2019). The definition of Spam. Spamhaus. Retrieved from https://www.spamhaus.org/consumer/definition/
  111. Stefnission, S. (2018). Malware businesses blending the legitimate and the illegitimate. Security Week. Retrieved from https://www.securityweek.com/malware-businesses-blending-legitimate-and-illegitimate
  112. Trend Micro. (2019). Command and Control [C&C] server. Trend Micro. Retrieved from https://www.trendmicro.com/vinfo/us/security/definition/command-and-control-server
  113. Turiel, A. (2017a). Build, buy, or lease? The 15 minute botnet. Cyren Security Blog. Cyren.com. Retrieved https://www.cyren.com/blog/articles/build-buy-or-lease-the-15-minute-botnet
  114. Turiel, A. (2017b). Legitimate botnets do exist. Cyren Security Blog. Cyren.com. Retrieved from https://www.cyren.com/blog/articles/legitimate-botnets-do-exist
  115. Turkel, D. (2015). There are now programs that anyone can use to extort money from you. Business Insider. Retrieved from https://www.businessinsider.com/ransomware-as-a-service-is-the-next-big-cyber-crime-2015-12
  116. Veracode. (2019). Rootkit: What is a rootkit? Veracode. Retrieved from https://www.veracode.com/security/rootkit
  117. Vipre. (2019). Security 101: Combat exploit kits with patch management. [White Paper]. Vipre.com. Retrieved from https://www.vipre.com/wp-content/uploads/2017/06/Security-101-Exploits.pdf
  118. Wainwright, R., & Cilluffo, F. (2017). Responding to cybercrime at scale: Operation Avalanche – A case study. Center for Cyber & Homeland Security, The George Washington University. Retrieved from https://cchs.gwu.edu/sites/g/files/zaxdzs2371/f/Responding%20to%20Cybercrime%20at%20Scale%20FINAL.pdf
  119. Wales, F. (2014). 10 signs a career in coding and software development might be right for you. The Guardian. Retrieved from https://www.theguardian.com/careers/ten-signs-career-coding-software-development-right-for-you
  120. Webroot. (2013). How much does it cost to buy 10,000 U.S.-based malware-infected hosts? Webroot.com. Retrieved from https://www.webroot.com/blog/2013/02/28/how-much-does-it-cost-to-buy-10000-u-s-based-malware-infected-hosts/
  121. Whitaker, Z. (2016). BBC, Trump web attacks “just the start,” says hacktivist group. ZDNet. Retrieved from http://www.zdnet.com/article/attackers-targeting-bbc-donald-trump-amazon-web-services/
  122. Williams, R., Samtani, S., Patton, M., & Chen, H. (2018). Incremental hacker forum exploit collection and classification for proactive cyber threat intelligence: An exploratory study. In Proceedings of the 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). Miami.  https://doi.org/10.1109/ISI.2018.8587336.
  123. Witkoswki, T. (2001). Credit fraud usually starts with paper trail. Cincinnati Business Courier. Retrieved from https://www.bizjournals.com/cincinnati/stories/2001/02/12/focus4.html
  124. Yip, M., Webber, C., & Shadbolt, N. (2013). Trust among cybercriminals? Carding forums, uncertainty, and implications for policing. Policing and Society, 23, 1–24.CrossRefGoogle Scholar
  125. Zargar, S., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (distributed denial of service) flooding attacks. IEEE Communications Surveys and Tutorials, PP(99), 1–24.Google Scholar

Copyright information

© The Author(s) 2020

Authors and Affiliations

  1. 1.Norwich UniversityNorthfieldUSA

Personalised recommendations