Journals
Find>Journals
Journals
Title Economic Factors of Vulnerability Trade and Exploitation      
Author Luca Allodi
Date 2018-04-23 Hit 35

no img

 

Title: Economic Factors of Vulnerability Trade and Exploitation

 

Author: Luca Allodi, Eindhoven University of Technology

 

Date: 3 January 2018

 

Abstract: Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cyber-criminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.

 

Source: https://arxiv.org/pdf/1708.04866.pdf



Keywords:
Journals title
Next Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior
Prev Investigation of Indecent Images of Children cases: Challenges and suggestions collected from the trenches