Measuring the Cost of Cybercrime

Anderson, Ross; Barton, Chris; Böhme, Rainer; Clayton, Richard; Eeten, Michel van; Levi, Michael; Moore, Tyler; Savage, Stefan

doi:10.1007/978-3-642-39498-0_12

Cited by 400 publications

(320 citation statements)

References 16 publications

Supporting

Mentioning

310

Contrasting

Unclassified

Order By: Relevance

“…Significant efforts have also been made in measuring the economic cost of cybercrime [18]. This is a difficult multi-disciplinary task, and there is still more work to be done.…”

Section: Existing Empirical Evidencementioning

confidence: 99%

See 1 more Smart Citation

Modeling malicious domain name take-down dynamics: Why eCrime pays

Spring

2013

2013 APWG eCrime Researchers Summit

View full text Add to dashboard Cite

Abstract-Domain names drive the ubiquitous use of the Internet. Criminals and adversaries also use domain names for their enterprise. Defenders compete to remove or block such malicious domains. This is a complicated space on the Internet to measure comprehensively, as the malicious actors attempt to hide, the defenders do not like to share data or methods, and what data is public is not consistently formatted. This paper derives an ad hoc model of this competition on large, decentralized networks using a modification of Lanchester's equations for combat. The model is applied to what is known of the current state of malicious domain activity on the Internet. The model aligns with currently published research, and provides a more comprehensive description of possible strategies and limitations based on the general dynamics of the model.When taken with the economic realities and physical laws to which the Internet is bound, the model demonstrates that the current approach to removing malicious domain names is unsustainable and destined for obsolescence. However, there are technical, policy, and legal modifications to the current approach that would be effective, such as preemptively populating watch lists, limits on a registrant's registrations, and international cooperation. The results indicate that the defenders should not expect to eliminate or significantly reduce malicious domain name usage without employing new digital tactics and deploying new rules in the physical world.

show abstract

“…Significant efforts have also been made in measuring the economic cost of cybercrime [18]. This is a difficult multi-disciplinary task, and there is still more work to be done.…”

Section: Existing Empirical Evidencementioning

confidence: 99%

“…This is a difficult multi-disciplinary task, and there is still more work to be done. [18] also importantly differentiates between direct and indirect losses to the defenders. The attackers can only monetize a percentage of the direct losses, even though indirect losses are often much larger.…”

Section: Existing Empirical Evidencementioning

confidence: 99%

Modeling malicious domain name take-down dynamics: Why eCrime pays

Spring

2013

2013 APWG eCrime Researchers Summit

View full text Add to dashboard Cite

show abstract

“…It has been recognized that the indirect costs of cybercrime, including a reduction in online participation, can be very high [8]. But what exactly leads people to limit their activities in favor of improved security?…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, it does not seem to be a winning strategy for banks to hush up cybercrime in order to move more retail business online. Nevertheless, it is interesting to note that banks' interest on the prominence of cybercrime in the media is exactly opposite to that of the security industry, who tries to play up the significance of the problem [8].…”

Section: B Impediments To Online Bankingmentioning

confidence: 99%

How do consumers react to cybercrime?

Böhme

Moore

2012

2012 eCrime Researchers Summit

Self Cite

View full text Add to dashboard Cite

Abstract-We conduct a secondary analysis of data collected to survey EU citizens' experiences and concerns with cybercrime. We devise a series of logistic regressions that measure how exposure to cybercrime can inhibit online banking, shopping and other activities. We consider three forms of exposure: directly falling victim, expressing concern about security, and reading news reports. We find that directly experiencing cybercrime decreases the likelihood of shopping and banking online by 4-5 percentage points. We find that expressing concern about cybercrime has nearly twice as much negative impact on online behavior than directly experiencing cybercrime. People who have not heard anything about cybercrime in news reports or from colleagues are more likely to bank online than those who have heard such reports. We conclude by reviewing limitations of existing survey approaches and make recommendations for improving questions in future cybercrime surveys.

show abstract

“…Next to phishing, malicious software, i.e. malware targeting financial service providers worldwide, is an ongoing and continuous threat to these financial service providers, causing millions in damages in both industrialised and non-industrialised countries (Anderson et al 2012).…”

mentioning

confidence: 99%

Discerning Novel Value Chains in Financial Malware

Wegberg

Klievink

Eeten

2017

Eur J Crim Policy Res

View full text Add to dashboard Cite

Fraud with online payment services is an ongoing problem, with significant financial-economic and societal impact. One of the main modus operandi is financial malware that compromises consumer and corporate devices, thereby potentially undermining the security of critical financial systems. Recent research into the underground economy has shown that cybercriminals are organised around highly specialised tasks, such as pay-perinstall markets for infected machines, malware-as-a-service and money mule recruitment. Setting up a successful financial malware scheme requires the aligning of many moving parts. Analysing how cybercrime groups acquire, combine and align these parts into value chains can greatly benefit from existing insights into the economics of online crime. Using transaction cost economics, this paper illustrates the business model behind financial malware and presents three novel value chains therein. For this purpose, we use a conceptual synthesis of the state-of-the-art of the literature on financial malware, underground markets and (cyber)crime economics, as well as today's banking practice.

show abstract

Measuring the Cost of Cybercrime

Cited by 400 publications

References 16 publications

Modeling malicious domain name take-down dynamics: Why eCrime pays

Modeling malicious domain name take-down dynamics: Why eCrime pays

How do consumers react to cybercrime?

Discerning Novel Value Chains in Financial Malware

Contact Info

Product

Resources

About