Volume 12 - Issue 4
COORDINATE: A model to analyse the benefits and costs of coordinating cybercrime
- Tom Meurs
University Twente, Enschede, The Netherlands
t.w.a.meurs@utwente.nl
- Marianne Junger
University Twente, Enschede, The Netherlands
m.junger@utwente.nl
- Abhishta Abhishta
University Twente, Enschede, The Netherlands
s.abhishta@utwente.nl
- Erik Tews
University Twente, Enschede, The Netherlands
e.tewsg@utwente.nl
- Emma Ratia
Dutch National Police, Driebergen, The Netherlands
emma.ratia@politie.nl
Keywords: Coordination, DDoS, Phishing, Ransomware
Abstract
Recent leaks (such as Conti) have provided greater insights on the working of cybercriminal organisations.
Just like any other business, these malicious actors strategically manage their processes in
order to maximise their revenues. Coordinating different types of cybercrimes as part of a single
attack campaign provides another opportunity to these criminal groups to improve the efficiency of
their attacks. To investigate the promise of this “coordination” between cybercrimes in improving
the financial gains realised by cybercriminals, we take a two-step approach. First, we perform a
bibliometric analysis of past scientific literature discussing the concept of “coordination” w.r.t to cybercrime.
Second, as a case study, analysing the attack chains of DDoS, phishing and ransomware
attacks, we identify vantage points for potential coordination from an attacker’s perspective. Based
on our findings, we propose a model (COORDINATE) to identify the types of potential cybercrime
“coordinations”. COORDINATE considers three relevant types of coordination: direct collaborated
coordination, indirect collaborated coordination, and opportunistic coordination. Given the advantages
of coordinated attacks, our results suggest that one crime may provide opportunities for the next
one. Coordinated attacks will become more prevalent, and that we may witness the development of
a dynamic that leads to more online crime.