Despite the rapid escalation of cyber threats, there has still been little research into the foundations of the subject or methodologies that could serve to guide information systems researchers and practitioners who deal with cybersecurity. In addition, little is known about crime-as-a-service (CaaS), a criminal business model that underpins the cybercrime underground. This research gap and the practical cybercrime problems we face have motivated us to investigate the cybercrime underground economy by taking a data analytics approach from a design science perspective. To achieve this goal, we: (1) propose a data analysis framework for analyzing the cybercrime underground; (2) propose CaaS and crimeware definitions; (3) propose an associated classification model, and (4) develop an example application to demonstrate how the proposed framework and classification model could be implemented in practice. We then use this application to investigate the cybercrime underground economy by analyzing a large data set obtained from the online hacking community. By taking a design science research approach, this paper contributes to the design artifacts, foundations, and methodologies in this area. Moreover, it provides useful practical insights to practitioners by suggesting guidelines as to how governments and organizations in all industries can prepare for attacks by the cybercrime underground.
All Science Journal Classification (ASJC) codes
- Computer Science(all)
- Materials Science(all)