4-7 November 2025 / San Diego, California USA

This Year's Published Papers

 

Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies

Morium Akter Munny, California State University San Marcos, munny001@csusm.edu, Mahbub Alam, Texas A&M University, mahbub.alam@tamu.edu, Sonjoy Kumar Paul, Texas A&M University, skpaul@tamu.edu, Daniel Timko, Emerging Threats Lab/ smishtank.com, daniel@smishtank.com, Muhammad Lutfor Rahman, California State University San Marcos, mlrahman@csusm.edu, Nitesh Saxena, Texas A&M University, nsaxena@tamu.edu

 

Quantum-Enabled Cybercrime: A Portfolio Analysis of Cryptocurrency Theft and Double-Spending

Zhen Li, Department of Economics and Management, Albion College, USA, zli@albion.edu, Qi Liao, Department of Computer Science, Central Michigan University, USA, liaolq@cmich.edu 

 

Unicorns in the Wild West: Empirical Analysis of Cybercrime Facilitated by Cryptocurrencies

Arghya Mukherjee, Tandy School of Computer Science, College of Engineering and Computer Science, The University of Tulsa, Tulsa, OK, USA, arghya-mukherjee@utulsa.edu, Tyler Moore, School of Cyber Studies, College of Engineering and Computer Science, The University of Tulsa, Tulsa, OK, USA, tyler-moore@utulsa.edu

 

Short Path to Phishing: Identifying Misused URL Shortening Services in the Wild

Zul Odgerel∗§, Yevheniya Nosyk§, Jan Bayer§, Sourena Maroofi§, Louis Bedeschi§, Andrzej Duda∗§, Maciej Korczyński∗§; ∗Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG, France, firstname.lastname@univ-grenoble-alpes.fr; §KOR Labs Cybersecurity, France, firstname.lastname@korlabs.io

 

Lost in Translation: Analyzing Non-English Cybercrime Forums

Mariella Mischinger1,2, Jack Hughes3, Fedor Vitiugin4, Sergio Pastrana2, Alice Hutchings3, Guillermo Suarez-Tangil1; 1IMDEA Networks Institute, Spain; 2Universidad Carlos III de Madrid, Spain; 3University of Cambridge, United Kingdom; 4University of Turku, Finland

 

Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications

Samuel Cheadle, Carlos H. Gañán, Siôn Lloyd, Samaneh Tajalizadehkhoob, Security, Stability, and Resiliency Research, Office of the CTO, ICANN, Email: {sam.cheadle, carlos.ganan, sion.lloyd, samaneh.tajali}@icann.org

 

SHADOWBOX: A Low-Artifact Framework for Analyzing Evasive Malicious Code

Javad Zandi, Florida International University, Lalchandra Rampersaud, Florida International University, Amin Kharraz, Florida International University

 

“Send to which account?” Evaluation of an LLM-based Scambaiting System

Hossein Siadati∗, Haadi Jafarian†, Sima Jafarikhah‡; ∗AI Research, Cybera Global Inc./UNCW, Wilmington, USA, s.h.siadaty@gmail.com; †Department of Computer Science and Engineering, UC Denver, USA, haadi.jafarian@ucdenver.edu; ‡Department of Computer Science, UNCW, Wilmington, USA, jafarikhaht@uncw.edu

 

Defense of the Clones: Securing Web Applications with Automatic Honeypot Generation and Deployment

Billy Tsouvalas, Stony Brook University, Stony Brook, NY, USA, vtsouvalas@cs.stonybrook.edu; Nick Nikiforakis, Stony Brook University, Stony Brook, NY, USA, nick@cs.stonybrook.edu

 

Contextual Classification of Cybercriminal Posts Using Large Language Models: A Comprehensive Study on Tech Support Scam Marketplaces

Raghavendra Cherupalli, School of Cyber Studies, The University of Tulsa, Tulsa, USA, rac8609@utulsa.edu; Hawken Grubbs, School of Cyber Studies, The University of Tulsa, Tulsa, USA, hlg9644@utulsa.edu; Yi Ting Chua, School of Cyber Studies, The University of Tulsa, Tulsa, USA, ytc2805@utulsa.edu; Weiping Pei, School of Cyber Studies, The University of Tulsa, Tulsa, USA, weiping-pei@utulsa.edu; Tyler Moore, School of Cyber Studies, The University of Tulsa, Tulsa, USA, tyler-moore@utulsa.edu; Gary Warner, Department of Criminal Justice, Univ. of Alabama at Birmingham, Birmingham, USA, gar@uab.edu

 

Family Ties: A Close Look at the Influence of Static Features on the Precision of Malware Family Clustering

Antonino Vitale∗, Kevin van Liebergen†, Juan Caballero†, Savino Dambra‡, Platon Kotzias§, Simone Aonzo∗, Davide Balzarotti∗; ∗EURECOM; †IMDEA Software Institute; ‡Gen Digital; §BforeAI

 

ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity

Beliz Kaleli, Palo Alto Networks, Santa Clara, CA, US, bkaleli@paloaltonetworks.com; Tony Li, Palo Alto Networks, Santa Clara, CA, US, tuli@paloaltonetworks.com; Fang Liu, Palo Alto Networks, Santa Clara, CA, US, fliu@paloaltonetworks.com; Oleksii Starov, Palo Alto Networks, Santa Clara, CA, US, ostarov@paloaltonetworks.com; Manuel Egele, Boston University, Boston, MA, US, megele@bu.edu; Gianluca Stringhini, Boston University, Boston, MA, US, gian@bu.edu

 

Beaver: Estimating Future Risks at Scale in Real-World Deployments

Marco Balduzzi, Trend Micro Research; Roel Reyes, Trend Micro Research; Jessica Balaquit, Trend Micro Research; Ryan Flores, Trend Micro Research

 

Catch Me If You Scan: A Longitudinal Analysis of Stalkerware Evasion Tactics

Anahitha Vijay, Computer Laboratory, University of Cambridge, Cambridge, United Kingdom, av697@cam.ac.uk; Luis A. Saavedra, Computer Laboratory, University of Cambridge, Cambridge, United Kingdom, luis.saavedra@cl.cam.ac.uk; Alice Hutchings, Computer Laboratory, University of Cambridge, Cambridge, United Kingdom, alice.hutchings@cl.cam.ac.uk

 

Department-Specific Security Awareness Campaigns: A Cross-Organizational Study of HR and Accounting

Matthias Pfister∗, Giovanni Apruzzese∗†, Irdin Pekaric∗; ∗University of Liechtenstein, Vaduz, Liechtenstein; †Reykjavik University, Reykjavik, Iceland; {matthias.pfister, giovanni.apruzzese, irdin.pekaric}@uni.li

 

Just in Plain Sight: Unveiling CSAM Distribution Campaigns on the Clear Web

Nikolaos Lykousas, Data Centric Romania; Constantinos Patsakis, Senior Member, IEEE, Department of Informatics, University of Piraeus, Piraeus, Greece, Athena Research Center, Artemidos 6, Marousi, Greece, kpatsak@unipi.gr

 

Uncovering the Trust Signals Supporting Telegram’s Cybercrime Economy

Roy Ricaldi∗, Tina Marjanov†, Luca Allodi∗, Alice Hutchings†; ∗Eindhoven University of Technology, Department of Mathematics and Computer Science, {r.j.ricaldi.saavedra, l.allodi}@tue.nl; †University of Cambridge, Department of Computer Science and Technology, {tina.marjanov, alice.hutchings}@cl.cam.ac.uk

 

Is Ransomware an Economically Distinct Attack Type? An Event Study of Market Reactions

Ambarish Gurjar∗, Dalyapraz Manatova†, Benjamin Staples†, Spencer Chambers†, L. Jean Camp∗; ∗College of Computing and Informatics, UNC Charlotte, Charlotte, USA; †Luddy School of Informatics, Computing, and Engineering, Indiana University, Bloomington, USA

 

From Lamborghinis to Ladas: Empirical Analysis of LockBit’s Business Operations

Ian Gray, New York University, New York, NY, USA, iwg210@nyu.edu; Dalyapraz Manatova, Indiana University Bloomington, Bloomington, IN, USA, dmanato@iu.edu; Kris Oosthoek, Delft University of Technology, Delft, The Netherlands, k.oosthoek@tudelft.nl; Damon McCoy, New York University, New York, NY, USA, mccoy@nyu.edu

 

Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire

Felipe Castaño, Digital Security Department, Vicomtech (BRTA), Donostia/San Sebastian, Spain, Dept. of Electrical Engineering, Systems and Automation, Universidad de León, León, Spain, fcastano@vicomtech.org; Constantinos Patsakis, Senior Member, IEEE, Department of Informatics, University of Piraeus, Piraeus, Greece, Athena Research Center, Artemidos 6, Marousi, Greece, kpatsak@unipi.gr; Francesco Zola, Member, IEEE, Digital Security Department, Vicomtech (BRTA), Donostia/San Sebastian, Spain, fzola@vicomtech.org; Fran Casino, Senior Member, IEEE, Dept. of Computer Engineering and Mathematics, Universitat Rovira i Virgili, Catalonia, Spain, Athena Research Centre, Artemidos 6, Marousi, Greece, franciscojose.casino@urv.cat

 

The Dark Art of Financial Disguise in Web3: Money Laundering Schemes and Countermeasures

Hesam Sarkhosh, Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada, hsarkhos@uwaterloo.ca; Uzma Maroof, Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada, uzma.maroof@uwaterloo.ca; Diogo Barradas, Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada, diogo.barradas@uwaterloo.ca