H.L.J. Bijmans
Please Note
3 records found
1
The research is structured around five studies. The first two chapters focus on cryptojacking, a cybercrime involving the unauthorized use of computing resources for cryptocurrency mining. The first study assesses the prevalence of cryptojacking on websites, identifying attack vectors, targeted website categories, and large-scale campaigns. The second extends this inquiry to compromised infrastructure, particularly MikroTik routers, revealing a broader and more organized set of cryptojacking operations. Using Internet traffic analysis and campaign mapping, this chapter uncovers the operational lifecycles of infected infrastructure and the varying sophistication of attackers.
The third study addresses phishing, particularly targeting Dutch citizens. By examining the development and trade of phishing kits, the research uncovers the full life cycle of phishing campaigns against the Dutch financial sector. Insights into attackers’ techniques, including their use of TLS certificates and phishing kit usage, inform policy recommendations for anti-phishing initiatives.
The fourth study examines the anti-abuse ecosystem, focusing on how intermediaries such as hosting providers handle abuse reports. Through access to the internal data of a Dutch hosting provider, the study shows that responses depend largely on the source and type of abuse notification. Governance instruments like blocklisting or law enforcement pressure prove more effective in eliciting responses than individual reports, highlighting gaps in current mitigation practices.
The fifth study reviews 38 academic works on phishing, booter services, and remote access trojans, structuring them through the concept of value chains. By comparing methods and data sources, and incorporating reflections from law enforcement professionals, the study identifies which scientific measurements are considered most valuable. This highlights the need for measurement approaches that align more closely with law enforcement priorities, especially regarding the development and monetization components of cybercrime.
The dissertation concludes by emphasizing that Internet measurements of cybercrime must reflect the intent and decision-making processes of criminals, as well as incorporate geographical demarcation to match the jurisdictional constraints of law enforcement agencies. Value chain analysis, lifecycle mapping, and campaign analysis emerge as tools for structuring meaningful measurements. Ultimately, the research demonstrates that bridging technical and criminological approaches produces insights that better serve governance needs and provide actionable intelligence for law enforcement. ...
The research is structured around five studies. The first two chapters focus on cryptojacking, a cybercrime involving the unauthorized use of computing resources for cryptocurrency mining. The first study assesses the prevalence of cryptojacking on websites, identifying attack vectors, targeted website categories, and large-scale campaigns. The second extends this inquiry to compromised infrastructure, particularly MikroTik routers, revealing a broader and more organized set of cryptojacking operations. Using Internet traffic analysis and campaign mapping, this chapter uncovers the operational lifecycles of infected infrastructure and the varying sophistication of attackers.
The third study addresses phishing, particularly targeting Dutch citizens. By examining the development and trade of phishing kits, the research uncovers the full life cycle of phishing campaigns against the Dutch financial sector. Insights into attackers’ techniques, including their use of TLS certificates and phishing kit usage, inform policy recommendations for anti-phishing initiatives.
The fourth study examines the anti-abuse ecosystem, focusing on how intermediaries such as hosting providers handle abuse reports. Through access to the internal data of a Dutch hosting provider, the study shows that responses depend largely on the source and type of abuse notification. Governance instruments like blocklisting or law enforcement pressure prove more effective in eliciting responses than individual reports, highlighting gaps in current mitigation practices.
The fifth study reviews 38 academic works on phishing, booter services, and remote access trojans, structuring them through the concept of value chains. By comparing methods and data sources, and incorporating reflections from law enforcement professionals, the study identifies which scientific measurements are considered most valuable. This highlights the need for measurement approaches that align more closely with law enforcement priorities, especially regarding the development and monetization components of cybercrime.
The dissertation concludes by emphasizing that Internet measurements of cybercrime must reflect the intent and decision-making processes of criminals, as well as incorporate geographical demarcation to match the jurisdictional constraints of law enforcement agencies. Value chain analysis, lifecycle mapping, and campaign analysis emerge as tools for structuring meaningful measurements. Ultimately, the research demonstrates that bridging technical and criminological approaches produces insights that better serve governance needs and provide actionable intelligence for law enforcement.
...
Inadvertently making cyber criminals rich
A comprehensive study of cryptojacking campaigns at internet scale
Since the release of a browser-based cryptominer by Coinhive in 2017, the easy use of these miners has skyrocketed illicit cryptomining in 2017 and continued in 2018. This method of monetizing websites attracted website owners, as well as criminals seeking new ways to earn a profit. In this paper, we perform two large studies into the world of cryptojacking, focused on organized cryptomining and the spread of cryptojacking on the Internet. We have identified 204 cryptojacking campaigns, an order of magnitude more than previous work, which indicates that these campaigns are heavily underestimated by previous studies. We discovered that criminals have chosen third-party software - such as WordPress - as their new method for spreading cryptojacking infections efficiently. With a novel method of using NetFlow data we estimated the popularity of mining applications, which showed that while Coinhive has a larger installation base, CoinImp WebSocket proxies were digesting significantly more traffic in the second half of 2018. After crawling a random sample of 49M domains, ~20% of the Internet, we conclude that cryptojacking is present on 0.011% of all domains and that adult content is the most prevalent category of websites affected.