Cybercrime Trends: an Exploration of Ad-Fraudsters Communities
Jean-Loup Richet, IAE de Paris (Sorbonne Business School)
Abstract/ highlights of the paper
- • This is one of the first studies documenting the way ad-fraud communities innovate and create value for their criminal customers.
- • A multimethod approach was applied for data collection, integrating qualitative and quantitative assessment of six cybercriminal communities.
- • Specialized ad-fraud communities provided a wealth of knowledge and incremental innovations in ad-frauds.
- • General and customer-oriented ad-fraud communities showcased the most internal interactions, as well as exhibiting better performance and growth.
- • General and customer-oriented ad-fraud communities have developed specific capabilities, focusing on innovation through artificial intelligence, which fuels customer engagement and fosters (criminal) attractiveness.
Richet, J.-L. 2022. “How Cybercriminal Communities Grow and Change: An Investigation of Ad-Fraud Communities,” Technological Forecasting and Social Change (174), p. 121282. (https://doi.org/10.1016/j.techfore.2021.121282)
Impact of Proactive Cyber Threat Intelligence on Exploits from the Dark Web
Lawrence J. Awuah
Abstract: The desire to defend against the ever-growing cyber threat landscape necessitates the need to link exploits from the Dark Web to known vulnerabilities with the sole aim of proactively utilizing Cyber Threat Intelligence (CTI) solutions, with Deep Learning (DL) model and Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM), to maximize data protection, privacy, and security.
A review of “Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model”. By Samtani, S., Chai, Y., & Chen, H. (2022). MIS Quarterly, 46(2), 911-946.
Summary: “Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel Deep Learning (DL)-based Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel Device Vulnerability Severity Metric (DVSM) that incorporates exploit postdate and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and Denial of Service. Results of these evaluations indicate that the proposed EVA-DSSM achieves Precision at 1 scores 20% – 41% higher than non-DL approaches and 4% – 10% higher than DL-based approaches. We demonstrated the EVA-DSSM’s and DVSM’s practical utility with two CTI case studies: openly accessible systems in the top eight US hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. Given the rising cost of cyber-attacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors.”
Keywords: cyber threat intelligence, deep learning, deep structured semantic models, vulnerability assessment, hacker forums, dark web, security operations, cybersecurity analytics
The desire for researchers and subject matter experts to help organizations understand the complexity of attack vectors and support their cyber defense with automated incident response capabilities, driven by machine intelligence, has become so critical in today’s world. We have reached a point where cybersecurity trainees, researchers, and professionals need to continuously gain insights into innovative cybersecurity solutions in the field. The fact that malicious actors consistently use hacking techniques to circumvent security controls and exploit system vulnerabilities in the wake of the current threat landscape motivated Samtani et al.  to develop proactive Cyber Threat Intelligence (CTI) model from the perspective of the Dark Web. More to the point, pattern recognition, anomaly detection, and predictive analytics remain to offer threat intelligence and cybersecurity analytics capabilities that are key ingredients in automated incident response and threats mitigation efforts in the ever-evolving threat landscape.
Additionally, machine intelligence has become so ubiquitous and an indispensable tool, in defensive and offensive operations, that it remains to be a useful resource to cybersecurity leaders and device vendors. As part of their study, the authors adopted a novel Deep Learning (DL)-based model, an Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM), which comprises bidirectional processing and attention mechanisms with the capability to automatically link exploits from the Dark Web to known vulnerabilities . Additionally, a Device Vulnerability Severity Metric (DVSM) model was developed to be employed by cybersecurity professionals when engaging in device prioritization and risk management activities. A high-Level CTI Framework that captures EVA-DSSM and DVSM models is depicted in figure 1.
In another study, Zhu et al.  adopted a computational design science solution to develop a DL-based, hierarchical, multi-phase Activity of Daily Living (ADL) framework to address similar concerns. Yet, others deployed Tor-use Motivation Model (TMM) and found a network impacted by illicit commerce and money laundering and concluded that criminality on this dark web is based more upon greed and desire, rather than any particular political motivations . These models and frameworks play key roles in emerging cybersecurity mitigation strategies.
Moreover, the vulnerability assessment as part of the automated CTI process, coupled with analytics, facilitate intelligence required by CTI professionals to conduct initial triage of security incidents for anticipated mitigation strategies. Motivated by the dynamic threat landscape, the authors develop a CTI framework and compared the operational differences between the conventional DSSM and their proposed EVA-DSSM . When the proposed EVA-DSSM model was evaluated against both non-DL and DL-based methods for exploit-vulnerability linkages across selected testbeds (figure 1), the DL-based technique was determined to have achieved a much higher precision than the non-DL counterpart.
Furthermore, when a user evaluation of the CTI case study was conducted, the results indicated that a number of cybersecurity professionals found the EVA-DSSM and DVSM to be more efficient in exploitation-vulnerability linking and risk prioritization activities than those produced by conventional solutions. On the other hand, the user evaluation indicated that these professionals serving in the Security Operations Center (SOC), Incident Response (IR), Vulnerability Management (VM), and Operational Cybersecurity (OS) domains of practice found the EVA-DSSM and DVSM results more useful than those generated without these two models (figure 1). Given the rising cost of cyber-attacks, the EVA-DSSM and DVSM have perceived practical significance and important implications for analysts, for example, in the areas of security operations centers, incident response teams, and cybersecurity vendors.
In summary, there is a strong desire to support the fact that the practical and theoretical significance of the proposed EVA-DSSM and DVSM models evidently benefits analysts in SOC and IR teams, as well as security operations vendors. From the preceding analysis, there is also evidence to suggest that DL-based machine intelligence, as noted by the authors, plays a key role in SOC-related engagements. To that end, in mitigating evolving threats, organizations should empower the security operations teams and vendors with automated AI-based mitigation solutions. To efficiently mitigate these threats, organizations should endeavor to empower the security operations team and leadership with appropriate strategies needed to offer security orchestration and response processes to fully automate and manage the complexity of the SOC ecosystems [1-2]. In other words, the ability to seamlessly automate and manage the complexity of security operations to address the dynamic threat landscape remains an important challenge for security researchers, cybersecurity professionals, and cybersecurity vendors. Finally, from the preceding analysis, the EVA-DSSM and DVSM models certainly have crucial implications for those analysts in the SOC-based environment and cybersecurity vendors. Researchers and professionals alike have a major role to play in search of broader cybersecurity solutions for the interest of society.
See the full review here: Research Summary-Exploits from the Dark Web
 Samtani, S., Chai, Y., & Chen, H. (2022). Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model. MIS Quarterly, 46(2), 911-946. DOI: 10.25300/MISQ/2022/15392
 Kinyua, J. & Awuah, L. (2021). AI/ML in Security Orchestration, Automation and Response: Future Research Directions. Intelligent Automation & Soft Computing, 28(2), 527–545. DOI:10.32604/iasc.2021.016240
 Dalins, J., Wilson, C., & Carman, M. (2018). Criminal motivation on the dark web: A categorisation model for law enforcement. Digital Investigation, 24 (1), pp. 62-71. https://doi.org/10.1016/j.diin.2017.12.003
 Zhu, H., Samtani, S., Brown, R., & Chen, H. (2021). A Deep Learning Approach for Recognizing Activity of Daily Living (ADL) for Senior Care: Exploiting Interaction Dependency and Temporal Patterns. MIS Quarterly 45(2), pp. 859-896.
Blockchain Regulatory Framework, Legal Challenges and the Financial Industry
In order to stay competitive, financial industry must seize the opportunities of the on-going technological disruption, and particularly with the recent so-called blockchain innovation when some argue that this new technology has the potential to replace banks as financial intermediaries for transfer and exchanges of money. In this transitional context, financial sector could face new cybersecurity risks, with sophisticated attacks, which eventually call for a renewed regulation framework. Here the financial sector means banks, insurers, asset managers, and advisory firms.
Blockchain can be defined as “a peer-to-peer operated public digital ledger that records all transactions executed for a particular asset (…) The Blockchain maintains this record across a network of computers, and anyone on the network can access the ledger. Blockchain is ‘decentralised’ meaning people on the network maintain the ledger, requiring no central or third party intermediary involvement. […] Users known as ‘miners’ use specialized software to look for these time stamped ‘blocks’, verify their accuracy using a special algorithm, and add the block to the chain. The chain maintains chronological order for all blocks added because of these time-stamps.” (Alderman, 2015)
Hence, Blockchain, well known through the so-called bit coin, could open much more perspective and should guaranty security and the validation of all the exchange of data. In addition to open room for new business opportunities, this new technology could disrupt the legal conception of privacy, intellectual property right, and presents some issues regarding financial institution accountability given the new associated risks. As a consequence while financial institutions have been under strengths by the new regulatory requirements in the aftermath of the 2008 financial crisis, they might see their accountability rises again to address cybersecurity risks and associated prejudices related to blockchain innovation.
This paper explains how business compliance to new cyber regulatory framework is a strategic issue for financial institutions. It presents the financial institutions specific data profile and linked eventual collateral damages. It highlights blockchain innovation opportunities and associated new cybercrime challenges. It describes the current European regulatory framework and legal accountability scenarios. It then finally supports the hypothesis of cyber compliance as a corporate competitive advantage and maps out some elements
of potential recommendations to strengthen cybersecurity resilience.
Read the full strategic report here: regulatory compliance and cybersecurity
Alderman, P. (2015). Blockchain –emerging legal issues. Lexology, Global.
Privacy on the Internet: a sweet dream?
Quentin Jaubert, Adrien Zamora
“Big Brother is watching you” wrote Georges Orwell. In this groundbreaking book, Orwell describes a society in which the officials know everything that would happen inside the country by performing an omnipresent surveillance over the inhabitants. Today’s police forces and secret services own a numerous number of surveillance tools such as biometry, chips, facial recognition, localization that allow them to become very intrusive security forces. But the “policing” has now also become the property of major private companies (social media platforms, search engines, telecommunication carriers etc). A funny way of rethinking Orwell’s quote in our modern world would be: “Big Browser is watching you”.
There was a time where people had their privacy. One could go shopping when exiting the office, buy several stuffs in cash, go back home, close the doors and curtains, and run their private life. That was it. But privacy has evolved over time. If “privacy” can be defined as a “right to be let alone” (Warren and Brandeis, 1890), or even “the right to prevent the disclosure of personal information to others” (Westin, 1968), the concept has recently taken a multidimensional nature regarding “information, accessibility and expression” (Decew, 1997), and with the rise of the Internet, technology has created new privacy issues (Austin, 2003) which lead us to wonder: is online privacy a sweet dream?
In order to understand the issues linked to our online privacy and generate insights from it, we adopted the following method:
How has the privacy concept evolved with the appearance of the Internet?
In such a connected world, should we/can we protect our privacy? If yes, how?
Where will we be standing in the next 5, 10, 20 years? Will “online privacy” ever mean anything in the next decades?
Read the full strategic report here: privacy on the internet: a sweet dream?
DeCew, J. W. (1997). In pursuit of privacy: Law, ethics, and the rise of technology. Cornell University Press.
Orwell, G. (2009). Nineteen eighty-four. Everyman’s Library.
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard law review, 193-220.
Westin, A. F. (1968). Privacy and freedom. Washington and Lee Law Review, 25(1), 166.
Cybersecurity, a new challenge for the aviation and automotive industries
Hélène Duchamp, Ibrahim Bayram, Ranim Korhani
This paper will focus on cybersecurity in the civil aviation industry, but will also present some of the threats that exist in a much more daily transportation mode: personal cars.
We will present the stakeholders involved in the aviation industry, point out the sources of the vulnerability of the industry to cyber attacks, and then analyze the efforts put in place to deter cyber attacks against commercial aircraft. The same order of reasoning will be applied to the automotive industry
The aviation industry is important to the global economy. In 2013, the air transportation network carried over 48 million tons of freight and over 2.6 billion passengers. Its global economic value was estimated at 2.2 trillion dollars (AIAA, 2013). Any (cyber)-attack in this industry would result in important social and economic consequences.
With the development of new technologies such as internet, the global aviation industry is subject to a new and growing type of threat coming from cyberspace. As in the other industries, cyber threats purposes are for example the robbery of information, political actions, make profit, or simply weaken one stakeholder of the industry.
Because of its complexity and its weight in the economy, breaking the aviation industry’s security constitutes a great challenge for hackers and terrorists. Moreover, this industry relies more and more on information and communication technology (ICT). As an industry that is well known for providing one of the safest type of transportation, it is mandatory for all its stakeholders to understand the risks and to prevent any malicious events for the good of the industry, the economy, the population and the environment.
Read the full strategic report here: cybersecurity, a new challenge for the aviation and automotive industries
AIAA. (2013). The connectivity challenge: protecting critical assets in a networked world – a framework for aviation cybersecurity.
Can ISIS’s cyber-strategy really be thwarted?
Kenza Berrada, Marie Boudier
Never in the history of terrorism had an organization appeared as web-savvy as the Islamic State. The extensive use of the internet allows ISIS to conduct its most vital operations. It can easily spread its hateful and violent messages to every corner of the world, reach vulnerable young people and lure them into joining the force, send orders and raise funds. All of it without much sophistication, only using available tools such as Telegram or the Deep&Dark net. Confronted to the issue, the US government, Silicon Valley’s top executives or the hackers organization Anonymous have each taken action to fight the terrorist organization’s sprawl on the internet. There is no evidence for the moment proving the effectiveness of their initiatives as ISIS continues to recruit, plan attacks and does not show any sign of weakness.
Google stated in February 2016 that more than 50,000 people search for the phrase “Join ISIS” each month. This fact illustrated the latest trend in today’s world terrorism, which is the heavy use of social media and cyber capabilities to assert their domination. The Islamic State of Iraq and Syria (ISIS) is by far one of the most advanced terrorist organizations in terms of their social media capabilities (Farwell, 2014). It is no coincidence ISIS is so successful on the virtual landscape. The group benefits from an extremely elaborate media and public relations strategy. Indeed, Al Hayat Media Center, their own media hub, produces, distributes and manages all their virtual content. With a designated press officer and their own designed mobile application, ISIS takes advantage of a true branding and marketing strategy, as if it were a regular business.
ISIS’s cyber-strategy will be studied first, looking how it uses the Internet for their personal agenda, such as recruitment, propaganda, internal communication, fundraising, and cyber-attacks. Then, focus will be on the possibility to block the Internet, and how diverse stakeholders like the US or private companies plan on controlling the terrorist organization and thwart their online presence.
Read the full strategic report here: ISIS Cyberstrategy
Cybersecurity and the Internet of Things
Sarah Baker, Grégoire Frison-Roche, Barbora Kuncikova
The Internet of Things (IoT) is a topic that gets a lot of attention and has become somewhat of buzzword in business and technology today. In many ways, this hype and excitement is not misplaced, as IoT has fascinating implications and opportunities for both consumers and businesses. However, the cybersecurity threats that this explosive growth represents are sometimes overlooked or not clearly understood. This paper will introduce the concept of IoT, including the definition, trends and applications. The next section will discuss the potential cybersecurity risks for IoT, for both industries and consumers. Finally, the last section will discuss recommended preventative measures and defense mechanisms available, while considering the fast changing nature of IoT technology.
Introduction: What is the Internet of Things?
The past decades have seen huge advances in electronic communications, from the rise of the Internet to the ubiquity of mobile devices. However, this communication is now shifting from devices that simply connect users to the Internet, to communication linking the physical world to the cyber world (Borgia, 2014). Generally speaking, this notion is called Cyber Physical Systems (CPS) and includes technologies such as (i) automation of knowledge work, (ii) Internet of Things, (iii) advanced robotics, and (iv) autonomous/ near autonomous vehicles (Borgia, 2014). However, IoT is considered to be the CPS technology with the largest expected economic impact (Manyika et al., 2013).
Given IoT is one of the most talked about trends in IT, there are as many definitions of the phenomena as there are angles to study. The origins of the concept IoT can be traced back to a group at MIT, who defined it as “an intelligent infrastructure linking objects, information and people through the computer networks, and where the RFID technology found the basis for its realization’’ (Brock, 2001). Today, IoT extends far beyond RFID technology. A more recent definition describes IoT as “a highly interconnected network of heterogeneous entities such as tags, sensors, embedded devices, handheld devices and backend servers” (Malina et al., 2016). The International Telecommunication Union (ITU) describes IoT as “anytime, any place connectivity for anyone… connectivity for anything. Connections will multiply and create an entirely new dynamic network of networks – an Internet of Things’’ (ITU, 2005).
Therefore, the defining attribute of IoT is that it involves things, moving beyond networked computers, tablets or smartphones to include just about any physical object that can be connected and communicate. The value offered by IoT comes from the fact that these objects which are not machines, and do not function like machines are able to gather and communicate data, which means information can be translated into action at astounding rates (Burrus, 2014). The concept behind IoT was aptly captured back in 1999:
“If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so” (Ashton, 2009)
This strategic report focuses on securing the Internet of Things. Read the full report here: Cybersecurity and the Internet of Things
Cybersecurity & Cyber Threats in Healthcare Organizations
Aurore Le Bris, Walid El Asri
Cybersecurity has become a strategic issue for healthcare facilities. This current risky situation comes from an internal double threat: the misuse of IT systems by employees due to their low risk awareness and the lack of proper funding dedicating to Information Security. Simultaneously, the democratization of hacking techniques has also increased the number of potential perpetrators and the variety of their profile. The multiplication of healthcare facilities hit by such attacks reveals how absolutely necessary the question of cybersecurity is. Thanks to the mediatization of these incidents, concerns now grow among general public and authorities, which trigger more and more initiatives to turn things around: FDA, AHA, HITRUST in the USA. A move towards more coordination in necessary. Furthermore, facilities’ staff is essential in solving the hacking issues. Indeed, cybersecurity cannot be improved without training employees to use devices properly, raising their awareness on cyber threats and ensuring their compliance with security policies.
Cybersecurity has become a crucial issue for many organizations but also for private individuals. As well as for “regular” crime, anyone may become a target of ill-intentioned people, exploiting the vulnerabilities of information systems (IS) in any possible way. Healthcare organizations are some of the entities we trust the most and that hold the most sensitive information about us: name, date and place of birth, medical records, social security details, etc. Suffering from many flaws (low budget, lack of IT organization, excessive use of legacy systems…), healthcare actors have become easy targets for hackers, facing more and more pressure and threats from them (Fu and Blum, 2013).
This article aims at depicting the current state of cybersecurity in healthcare organizations as well as at understanding the main cyber threats they face and how these last ones could be addressed.
First of all, the stakes and risks associated to the healthcare environment will be presented. The different types of assets likely to be targeted will be reviewed as well as the profile of the potential attackers/threats and their objectives. Then, examples of attack scenarios – that occurred in real life or pentests – will be studied in order to highlight the consequences they may have on healthcare IS. Finally, the current state of cybersecurity in healthcare facilities will be portrayed and possible measures to enhance it will be discussed.
The following strategic report assess new risks and threats towards healthcare facilities and organizations. Read the full report here:
Cybersecurity & Cyber Threats in Healthcare Organizations