An Experimental Design to Investigate Attacker Actions on an Access-as-a-Service ‘Criminal’ Platform
In Proceedings of the 2025 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW 2025) - 7th Workshop on Attackers and Cyber-Crime Operations (WACCO), 2025-06
Ricaldi, R.; Yalamov, Y.; Campobasso, M.; Allodi, L.; Kool, H.; Moneva, A.; Leukfeldt, E. R.
Abstract
Access-as-a-Service (AaaS) has reduced barriers to cybercriminal activity, enabling less skilled offenders to execute sophisticated attacks relying on remote access to compromised systems. Despite the growing accessibility of these services, little is understood about the factors influencing criminal decisions in the selection of their targets and the ensuing attack process. This short paper outlines the design and implementation of a ‘criminal’ AaaS platform aimed at attracting cybercriminal users to study their behavior. The platform, modeled after illicit marketplaces in the dark web, includes various market signals to assess their influence on cybercriminal decision-making and a ‘honeypot’ setup to evaluate attacker actions. In this paper, we describe the methodology and infrastructure for this purpose.