Cybercrime as a Service
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
My PhD project aims to investigate Cybercrime as a Service. Cybercrime as a Service (CaaS) refers to an economic model where a technically skilled actor offers a tool kit as a packaged service with easy access to tools and programming frameworks which provide all of the services a less experienced bad actor needs to carry out a successful cyberattack. CaaS is pushing cybercriminal organisations to be more agile and structured not unlike an IT company with multiple roles in order to maximise the profit and increase the reach of services. There are multiple cyberattack services offered within the model, which can span from very targeted attacks, such as Hacking as a Service and Distributed Denial of Service as a service to Ransomware and Data as a Service. However, there is no one list of services the literature uses and the services studied in the literature differ from author to author.
The main questions I would like to answer during my PhD are what are:
(i) What services are the most commonly offered and successful within the CaaS ecosystem?
(ii) How CaaS may develop in the future?
(iii) What are the key characteristics of individual marketing advertisements in marketplaces where CaaS is advertised?
All these three questions will help inform decision-makers on how best to detect and counter the growing threat of CaaS.
So far, I have conducted an extensive literature review on the topic as well as a Systematic literature review of CaaS. This review thematically analysed 135 articles from both academic and grey literature with a view of investigating the services articles studied, the methodological approach the how the CaaS model is predicted to develop in the future. The review indicates that further commercialisation of the model will further lower the barrier of entry to the cybercrime realm, increase the sophistication of the attacks and increase the resilience of the service providers and their ecosystem which will result in harder shutdowns of services by the authorities. Furthermore, as the model becomes more accessible, groups such as organised crime groups, state and non-state actors may use them as well, which may have implications for criminal activity in both cyber and physical domains.
My next steps within the PhD programme are to further investigate Cybercrime as a Service from the perspective of news reports. This will include an investigation of cybersecurity news to see what services are reported there and what trends can be noticed in these reports. This will present a different side and different stakeholders that are also concerned with the problem of Cybercrime as a Service. As the CaaS ecosystem affects many sectors and indeed many different stakeholders, the lack of a more holistic picture of the problem was one that became evident during my systematic literature review. After the comparative study of the two projects, I would like to further explore CaaS "in the wild" which will include dark web forum data analysis, later on during my PhD. By mixed method analysis techniques such as natural language processing of the market and communication amongst the service providers and customers, and thematic or even netnographic study, key characteristics of individual marketing advertisements in marketplaces where CaaS is advertised may be studied.
The main questions I would like to answer during my PhD are what are:
(i) What services are the most commonly offered and successful within the CaaS ecosystem?
(ii) How CaaS may develop in the future?
(iii) What are the key characteristics of individual marketing advertisements in marketplaces where CaaS is advertised?
All these three questions will help inform decision-makers on how best to detect and counter the growing threat of CaaS.
So far, I have conducted an extensive literature review on the topic as well as a Systematic literature review of CaaS. This review thematically analysed 135 articles from both academic and grey literature with a view of investigating the services articles studied, the methodological approach the how the CaaS model is predicted to develop in the future. The review indicates that further commercialisation of the model will further lower the barrier of entry to the cybercrime realm, increase the sophistication of the attacks and increase the resilience of the service providers and their ecosystem which will result in harder shutdowns of services by the authorities. Furthermore, as the model becomes more accessible, groups such as organised crime groups, state and non-state actors may use them as well, which may have implications for criminal activity in both cyber and physical domains.
My next steps within the PhD programme are to further investigate Cybercrime as a Service from the perspective of news reports. This will include an investigation of cybersecurity news to see what services are reported there and what trends can be noticed in these reports. This will present a different side and different stakeholders that are also concerned with the problem of Cybercrime as a Service. As the CaaS ecosystem affects many sectors and indeed many different stakeholders, the lack of a more holistic picture of the problem was one that became evident during my systematic literature review. After the comparative study of the two projects, I would like to further explore CaaS "in the wild" which will include dark web forum data analysis, later on during my PhD. By mixed method analysis techniques such as natural language processing of the market and communication amongst the service providers and customers, and thematic or even netnographic study, key characteristics of individual marketing advertisements in marketplaces where CaaS is advertised may be studied.
Planned Impact
The EPSRC Centre for Doctoral Training in Cybersecurity will train over 55 experts in multi-disciplinary aspects of cybersecurity, from engineering to crime science and public policy.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Organisations
People |
ORCID iD |
| Enrico Mariconti (Primary Supervisor) | |
| Emilija Mauko (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S022503/1 | 01/04/2019 | 23/11/2028 | |||
| 2726615 | Studentship | EP/S022503/1 | 26/09/2022 | 30/12/2026 | Emilija Mauko |