From Bounty to Exploit: Observations About Cybercriminal Contests

Cybercriminals have taken the initiative to establish an informal way of conducting research and development by holding contests on forums. In this blog post, we go through our key takeaways about these competitions.

These contests are diverse and range from public calls for articles that describe new technologies to hackathons that can improve cybercriminals’ defenses. We elaborate on the details of their operation here.

The following are our key takeaways:

Cybercriminals often use crowdsourcing as a form of research and development. These public contests on criminal forums work like “American Idol” or “America’s Got Talent” for malicious actors. Unlike entries in a traditional X-Prize competition, criminal innovations do not need to be groundbreaking to be successful. Instead, they only need to evolve slightly beyond today’s defenses to have a massive midterm effect. Over time, something groundbreaking could result from these contests: with more and more of this kind of activity happening, it is statistically only a matter of time until the increasing creativity of contest winners leads to something groundbreaking for the cybercrime industry. This is called the “black swan” effect.

Lacking formal research and development functions in most cases, cybercriminals often use the public for brainstorming purposes to discover new and creative attacks. These contests, which crowdsource the best ideas from the criminal community, also provide financial rewards for the most promising solutions. These contests have also been used in the criminal underground for some time now and involve everything from pure creative
