APWG R&D Programs’ Timeline

Counter-Cybercrime Innovation in the Public Interest - Since 2003

APWG stepped up as a forge of innovation for non-profit counter-cybercrime resources R&D in 2003 when industry leaders, engaging the new phishing threats then emerging, turned to the organization to deploy the world’s first NGO-managed cybercrime machine event data clearinghouse, the storied URL Block List (UBL).

Since then, APWG has researched, developed – and, most importantly, deployed and subsequently maintained – a number of keystone resources on behalf of the world’s counter-cybercrime community. Each program has been selected by APWG directors for its breadth of coverage in suppressing the cybercrimes they target in a public-health model of intervention. Many of them are used today by the world’s largest commercial security firms, intellectual property managers, government ministries, law enforcement agencies, trade associations and inter-governmental treaty organizations worldwide.

An abridged compendium of selected programs, past, present and under development, follows below:

2021

PhishFarm

PHISHFARM

BROWSER

BLOCK LIST

MONITORING

PROGRAM

The APWG PhishFarm Block List Latency Monitoring Program would provide insights into the browser block lists that are one of the last lines of defense between users and phishing websites — essential to understanding the efficiency of the cybercrime response ecosystem. With common metrics, management of the shared cybercrime-response ecosystem can begin — and be maintained. PhishFarm’s objectives are to: inform and enable whole-of-ecosystem metrics to cultivate the most efficacious data logistics possible; drive out control failures; and measure subsequent ecosystem performance changes, the same way public health agencies employ manage disease propagation.

2020

APWG's Crypto Currency Working Group's Wallet Address Data Corpus Project

CCWG

WALLET

ADDRESS

DATA CORPUS

PROJECT

The APWG Crypto Currency Working Group (CCWG) was inaugurated to help cryptocurrency exchanges, wallet hosters, trading platforms and investment funds as well as security teams protect themselves and their customers against phishing and cybercrime – and established a data endpoint on the APWG’s eCrime eXchange (eCX) for wallet addresses associated with cybercrime events. Today, the CCWG’s /crypto API endpoint on the APWG’s eCrime eXchange is delivering hundreds of millions of data entities per month outbound to its members, providing event records in a complete and verbose schema that provides key primary wallet address data for those payment instruments suspected of providing cash out mechanisms for scams and racketeering operations.

2019

APWG

APPLIED

RESEARCH

SECRETARIAT

The APWG Applied Research Secretariat was established to formalize programs of R&D that historically arisen from the dialog emerging from APWG’s uniquely innovative community and completed in an ad hoc development modality. The secretariat’s role is to understand the interests of the larger counter-cybercrime community,  recognize opportunities to satisfy their needs for data resources, metrics, policies and conventions (distinguished by not being products or services) and organize the underwriting required for their research, development and ultimate deployment. The APWG prioritizes its selection of applied research programs by their utility in suppressing all of the cybercrimes they target in a public-health model of intervention.

2016

SYMPOSIUM

ON

GLOBAL

CYBERSECURITY

AWARENESS

The Symposium on Global Awareness was founded to establish strategies for cybersecurity awareness at global scale with the development and deployment of messaging assets and tools as a form of cybercrime prevention – and to present resources for deployment of national and globalized cybersecurity awareness campaigns. This annual research and advocacy symposium promotes exchange of best practices for cybersecurity awareness campaign deployment at the national and transnational levels – and introduces the latest research in the behavioral factors that contribute to cybercrime’s success – and that can inform cybercrime’s suppression through awareness campaigns and education. Over the years, Awareness has been hosted by the United Nations (Office of Drugs and Crime) and the European Commission and underwritten by many commercial sponsors as well as the Council of Europe.

2015

APWG Data Policy Symposium

APWG

DATA POLICY

SYMPOSIUM

The APWG Data Policy Symposium explores and delineates how all sectors can not only comply with the provisions of data protection and privacy legislation but to investigate how they can be leveraged to to codify exchange of all kinds of data necessary for cybercrime prevention, response and investigation. Typically, this symposium gives equal weight to law and regulations; implementation/interpretations thereof that impact operations and inter-enterprise data exchange; and the risk and liability management issues attedant these still nascent laws and regulations.

2014

APWG Malicious Domain Suspension Program

APWG

MALICIOUS

DOMAIN

SUPENSION

PROGRAM

The APWG Malicious Domain Suspen sion (AMDoS) system enables Accredited Interveners to submit suspected malicious domain names for investigation and suspension by Sponsoring Registrars. AMDoS orders and systematizes suspension requests through a formal process that ensures the credibility of malicious domain reporters and integrity of their suspension requests − and speeds them on their way to the Registrars of record. The program, launched initially with 12 Registrys of gTLD and ccTLDs, is now suspended and being reconsidered as a notification system that would deliver attestations exclusively to Sponsoring Registrars, explicitly reflecting the update in the ICANN RAA contracts of 2013.

2019

Lawful evidence cOllecting and Continuity plAtfoRm Development (LOCARD) aims to develop a holistic platform aimed at ensuring the chain of custody throughout the flow of forensic analysis. It is a distributed and trusted platform that allows the storage of digital evidence metadata using blockchain. Each node of LOCARD will independently establish its own permission policies and will selectively share access to digital evidence with other nodes (if necessary), and with the required authorisation. In addition, the platform will provide a collection resource module aimed at collecting citizens’ information related to certain law violations, as well as a tracker to allow the detection and correlation of certain deviations based on behavioural patterns. SEE: https://apwg.eu/locard/

2016

Layer 210

TRUst-Enhancing certified Solutions for SEcurity and  protection of Citizens rights in digital Europe (TRUESSEC.EU) is a CSA on certification and labelling of trustworthiness properties from a multidisciplinary SSH-ICT perspective and with emphasis on human rights.TRUESSEC.EU aims at exploring the situation, the barriers, and the benefits of security and privacy labels; engaging stakeholders in the discussions, and issuing recommendations that may foster the adoption and acceptance of labels. SEE: https://truessec.eu/

2016

Videos in Vocational Education & Training (ViVET) is a European consortium with partners from Bulgaria, Spain, Italy and Germany created a cross-sectoral repository collecting and delivering vocational videos from all countries in Europe and beyond. To introduce the videos into vocational training, the consortium developed a collaborative learning platform allowing users to work directly online with videos and other learning resources. The consortium is creating online courses in four areas: Cyber Security, Environment Protection, Organic Agriculture and Health Care.

Download the PDF file of the project

SEE: https://vivet.education/

2013

FUNDACIÓN

APWG

EUROPEAN

UNION

The APWG.EU was established as Fundación APWG European Union, a scientific research foundation dedicated to the advancement of cybercrime research as a discrete discipline in the EU and beyond. The organization provides a forum for cybercrime researchers from academic, industry and law enforcement developing their research programs; to cultivate the university research community dedicated to cybercrime; and to advise government, industry, law enforcement and treaty organizations of the EU on the nature of cybercrime – and resources necessary for its programmatic suppression.

2012

The APWG eCrime eXchange

APWG

ECRIME

EXCHANGE

The APWG eCrime Exchange (eCX) launched in 2012 specifically to archive and exchange threat data about common cybercrime events such as phishing. The APWG’s member organizations contribute data to alert the larger stakeholding community and extract needed data to inform their security applications and forensic routines, though the eCX’s RESTful API and Web UIs.

2010

APWG / UCD

ECRIME

RESEARCHERS

SYNC-UP

The eCrime Researchers Sync-Up was inaugurated in 2010 in collaboration with University College Dublin (UCD) as a chalk-talk session for academic researchers. Sync-Up quickly hybridized over the years into a multi-disciplinary multi-sector program for police and researchers of all stripes, covering cybercrime investigation and remediation from behavioral aspects to advanced technical exploits. Presentations were made by industrial interveners, operations personnel, and cybercrime law enforcement officers as well as academic and industrial researchers.

2010

APWG STOP. THINK. CONNECT. Campaign

THE

MESSAGING

CONVENTION

STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations.  APWG proposed a ‘messaging convention’ of unified awareness assets to its members in 2008 and 2009 and worked with co-founder National Cybersecurity Alliance (NCSA) to muster the initial coalition in June of 2009 and complete the R&D for such a campaign. The campaign was officially launched in October of 2010 when the United States Department of Homeland Security announced the adoption of the campaign for the United States of America. Today the STOP. THINK. CONNECT. campaign and has been deployed in 23 nations with scores more national campaigns in some phase of deployment and/or due diligence.

2009

FAX BACK

PHISHING

EDUCATION

PROGRAM

 

The APWG and United States Internal Revenue Service designed and established the Fax Back Phishing Education Program to instruct consumers about protecting themselves against offline phishing scams at the “most teachable moment”: when they have just responded to a phishing communication via fax. The Fax-Back warning and instruction page is offered to online faxing services, telcos and hosts of Fax-over-IP applications (FoIP) so that they can help advise consumers and enterprise IT users who have fallen prey to scams animated by these services’ compromised infrastructure.

2008

Phishing Education Landing Page

APWG/CMU

PHISHING

EDUCATION

LANDING PAGE

 

APWG and Carnegie Mellon Cylab Usable Privacy and Security Laboratory (CUPS) established the APWG/CMU Phishing Education Landing Page program in 2008 to lead credulous users who’ve clicked on links to phishing websites to educational resources that shows them how to avoid such online hazards.  The initiative instructs consumers on online safety at the “most teachable moment”: when they have just clicked on a link in a phishing communication.

2006

APWG SYMPOSIUM

ON

ELECTRONIC CRIME

RESEARCH

The Symposium on Electronic Crime Research (APWG eCrime), was founded in 2006 to provide a comprehensive venue to present and publish research into electronic crime, engaging every aspect of its evolution – as well as technologies and techniques for cybercrime detection, response, forensics and prevention. APWG eCrime’s proceedings are published by the IEEE and remains the only peer-reviewed research conference hosted exclusively for cybercrime studies.

2004

PHISHING URL

BLOCK LIST

The Phishing URL Block List (UBL) was inspired by industry’s need for clearance of phishing attack data between ISPs, defending brandholders and anti-virus companies in late 2003 when phishing first menaced anglophone democracies. UBL functionality was subsumed and expanded through the APWG eCrime eXchange and its RESTful API, to inform forensic routines and security applications.

2003

PHISHING ACTIVITY

TRENDS REPORT

The quarterly APWG Phishing Activity Trends Report has been providing metrics of phishing attacks against brands, TLDs, industrial categories and national economies since (northern hemisphere) Fall of 2003. As such, Trends is one of the most useful and quoted periodicals in the counter-cybercrime community, trusted with equal confidence by the private and public sectors and the larger NGO community.