Underground economics for vulnerability risk

Onderzoeksoutput: Bijdrage aan tijdschriftTijdschriftartikelAcademicpeer review

1 Downloads (Pure)


The estimation of vulnerability risk is at the core of any IT security management strategy. Among technical and infrastructural metrics of risk, attacker economics represent an emerging new aspect that several risk assessment methodologies propose to consider (e.g., based on game theory). Yet the factors over which attackers make their (economic) decisions remain unclear and, importantly, unquantified. To address this, I infiltrated a prominent Russian cybercrime market where the most prominent attack technology is traded. Supported by direct observations of market activity, I investigate in this work the economic factors that drive the adoption of new attacks at scale and their effect on risk of attack in the wild. As a market participant, I have access to the full spectrum of attack services offered to all members and, in particular, look at the market economics of vulnerability exploitation.
Originele taal-2Engels
Nummer van het tijdschrift1
StatusGepubliceerd - apr 2018

Vingerafdruk Duik in de onderzoeksthema's van 'Underground economics for vulnerability risk'. Samen vormen ze een unieke vingerafdruk.

Citeer dit