Conference proceeding
Access-as-a-Service (AaaS) has reduced barriers to cybercriminal activity, enabling less skilled offenders to execute sophisticated attacks relying on remote access to compromised systems. Despite the growing accessibility of these services, little is understood about the factors influencing criminal decisions in the selection of their targets and the ensuing attack process. This short paper outlines the design and implementation of a ‘criminal’ AaaS platform aimed at attracting cybercriminal users to study their behavior. The platform, modeled after illicit marketplaces in the dark web, includes various market signals to assess their influence on cybercriminal decision-making and a ‘honeypot’ setup to evaluate attacker actions. In this paper, we describe the methodology and infrastructure we are building to this purpose. Our intent is to present our experimental design to the WACCO community to collect feedback on the experiment setup and run, and to foster discussion on the technical and ethical challenges of active attacker measurement.
Text and figures are licensed under Creative Commons Attribution CC BY 4.0. The figures that have been reused from other sources don't fall under this license and can be recognized by a note in their caption: "Figure from ...".