Human and Technical Drivers of Cybercrime

The Cyber Forensics Behavioral Analysis (CFBA) model merges Cyber Behavioral Sciences and Digital Forensics to improve the prediction and effectiveness of cyber threats from Autonomous System Numbers (ASNs). Traditional cybersecurity strategies, focused mainly on technical aspects, must be revised for the complex cyber threat landscape. This research proposes an approach combining technical expertise with cybercriminal behavior insights. The study utilizes a mixed-methods approach and integrates various disciplines, including digital forensics, cybersecurity, computer science, and forensic psychology. Central to the model are four key concepts: forensic cyberpsychology, digital forensics, predictive modeling, and the Cyber Behavioral Analysis Metric (CBAM) and Score (CBS) for evaluating ASNs. The CFBA model addresses initial challenges in traditional cyber defense methods and emphasizes the need for an interdisciplinary, comprehensive approach. This research offers practical tools and frameworks for accurately predicting cyber threats, advocating for ongoing collaboration in the ever-evolving field of cybersecurity. Full article

Adolescents are currently the most digitally connected generation in history. There is an ever-growing need to understand how typical adolescent risk-taking intersects with the vastly criminogenic potential of digital technology. Criminal hacking in older adolescents (16–19-year-olds) was assessed using an adapted Theory of Planned Behaviour (TPB) model, a cohesive theoretical framework that incorporates cognitive processes and human drivers (informed by psychology, cyberpsychology, and criminology theory). In 2021, a large-scale anonymous online survey was conducted across nine European countries. Criminal hacking was assessed using data from 3985 participants (M = 1895, 47.55%; F = 1968, 49.39%). This study formulated a powerful predictive model of youth hacking intention (accounting for 38.8% of the variance) and behaviour (accounting for 33.6% of the variance). A significant minority, approximately one in six (16.34%), were found to have engaged in hacking, and approximately 2% reported engaging in hacking often or very often. Increased age, being male, and offline deviant behaviour were significant predictors of hacking behaviour. In line with the TPB, intention was the strongest individual predictor of hacking behaviour, which in turn was significantly predicted by cognitive processes accounted for by TPB constructs: subjective norms of family and peers, attitudes towards hacking, and perceived behavioural control. These TPB constructs were found to be significantly associated with human factors of risk-taking, toxic online disinhibition, offline deviant behaviour, and demographic variables of age and gender. Implications for future research, interventions, policy, and practice are discussed. Full article

This research article investigates the effectiveness of digital forensics analysis (DFA) techniques in identifying patterns and trends in malicious failed login attempts linked to public data breaches or compromised email addresses in Microsoft 365 (M365) environments. Pattern recognition techniques are employed to analyze security logs, revealing insights into negative behavior patterns. The findings contribute to the literature on digital forensics, opposing behavior patterns, and cloud-based cybersecurity. Practical implications include the development of targeted defense strategies and the prioritization of prevalent threats. Future research should expand the scope to other cloud services and platforms, capture evolving trends through more prolonged and extended analysis periods, and assess the effectiveness of specific mitigation strategies for identified tactics, techniques, and procedures (TTPs). Full article

In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information for guiding defenders’ security procedures and supporting incident response and remediation. However, the technical analysis involved in cyberattack attribution requires skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigator effort. Attribution results are not always reliable, and skillful attackers often work hard to hide or remove the traces of their operations and to mislead or confuse investigators. In this article, we translate the technical attack attribution problem to the supervised machine learning domain and present a tool designed to support technical attack attribution, implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of recent cyberattacks, which shows its potential in increasing the effectiveness and efficiency of attribution operations. Full article

Cybercrime presents a significant threat to global society. With the number of cybercrimes increasing year after year and the financial losses escalating, law enforcement must advance its capacity to identify cybercriminals, collect probative evidence, and bring cybercriminals before the courts. Arguably to date, the approach to combatting cybercrime has been technologically centric (e.g., anti-virus, anti-spyware). Cybercrimes, however, are the result of human activities based on human motives. It is, therefore, important that any comprehensive law enforcement strategy for combatting cybercrime includes a deeper understanding of the hackers that sit behind the keyboards. The purpose of this systematic review was to examine the state of the literature relating to the application of a human-centric investigative tool (i.e., profiling) to cybercrime by conducting a qualitative meta-synthesis. Adhering to the PRISMA 2020 guidelines, this systematic review focuses specifically on cybercrime where a computer is the target (e.g., hacking, DDoS, distribution of malware). Using a comprehensive search strategy, this review used the following search terms: “cybercrime”, “computer crime”, “internet crime”, “cybercriminal”, “hacker”, “black hat”, “profiling”, “criminal profiling”, “psychological profiling”, “offender profiling”, “criminal investigative analysis”, “behavioral profiling”, “behavioral analysis”, “personality profiling”, “investigative psychology”, and “behavioral evidence analysis” in all combinations to identify the relevant literature in the ACM Digital Library, EBSCOhost databases, IEEE Xplore, ProQuest, Scopus, PsychInfo, and Google Scholar. After applying the inclusion/exclusion criteria, a total of 72 articles were included in the review. This article utilizes a systematic review of the current literature on cyber profiling as a foundation for the development of a comprehensive framework for applying profiling techniques to cybercrime—described as cyber behavioral analysis (CBA). Despite decades of research, our understanding of cybercriminals remains limited. A lack of dedicated researchers, the paucity of research regarding human behavior mediated by technology, and limited access to datasets have hindered progress. The aim of this article was to advance the knowledge base in cyber behavioral sciences, and in doing so, inform future empirical research relating to the traits and characteristics of cybercriminals along with the application of profiling techniques and methodologies to cybercrime. Full article