A scientific approach to fighting web-based cybercrime

In this talk, I demonstrate how a scientific approach can be used to combat web-based cybercrime. First, I present an observational study of the prevalence of abuse at shared web hosting providers. I examine the the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates.

Using a fixed-effect regression model, I demonstrate that providers exert significant influence over the security of web infrastructure and applications, whereas individual webmasters tend to control the security of website content and configurations. I also show that the identified security and software patching factors explain between 10-19% of the variance in phishing and malware abuse at providers, after controlling for size. Second, I present two experiments that evaluate the effectiveness of sending individual abuse reports to operators whose websites have been hacked. Sending abuse reports can expedite cleanup significantly, but only if the notifications include details of the compromise.  Finally, I describe an observational study of bulk reports of compromised websites sent to the responsible web hosting providers. By examining over 28,000 URLs shared with 41 organizations between 2010 and 2015, I find that sharing has an immediate effect of cleaning the reported URLs and reducing the likelihood that they will be recompromised. However, there is only limited evidence that one-time sharing of malware data improves the malware cleanup response over the long term.