Response to cybercrime has been a folklorish enterprise to date, organized principally around deployment of products and services to prevent, detect, remediate and investigate cybercrimes against enterprises and their brands and counter-parties. Programmatic data exchange, the lifeblood of all public-health regimens, has only been formally organized in cyber to a limited degree, denying the domain the kinds of efficiencies that attend rigorously curated public-health modalities of intervention.
The APWG’s Crypto Currency Working Group’s Wallet Address Data Corpus Project hosts hundreds of thousands of addresses and adds thousands of new addresses to the database each month.
The APWG PhishFarm Block List Latency Monitoring Program is designed to measure the latency with which browser block lists are updated. The principal objectives are to inform whole-of-ecosystem metrics to cultivate efficacious data logistics; to drive out control failures; and to measure subsequent ecosystem performance changes, in the same way that health agencies employ metrics to manage disease propagation.
The APWG eCrime eXchange is the world’s largest NGO-managed clearinghouse for cybercrime-related machine event data, delivering upwards of billions of data elements per month outbound to its member institutions from industry, national governments and multi-lateral treaty organizations.
To advance programmatic data exchange as a conventionalized discipline, APWG has stepped forward to develop programs such as: PhishFarm, a browser block list latency monitoring program to measure efficiencies of block lists in updating the URLs they deflect users from visiting; and the Crypto Currency Working Group Data Corpus Project, a program to fuse data from sources of wallet addresses associated with common cybercrimes such as ransomware and bitcoin generator scams.
The development of mutualistic data provisioning schemes, conventionalized metrics for ecosystem performance measurement and management, as well as APWG’s curated data clearance and telemetry resources will promote the establishment of a common operational vocabulary for stakeholders to use to orchestrate and optimize a globalized cybercrime response ecosystem and mitigate control gaps discovered to be impairing response-infrastructure performance.