APWG R&D Programs’ Timeline

The APWG PhishFarm Block List Latency Monitoring Program would provide insights into the browser block lists that are one of the last lines of defense between users and phishing websites — essential to understanding the efficiency of the cybercrime response ecosystem. With common metrics, management of the shared cybercrime-response ecosystem can begin — and be maintained. PhishFarm’s objectives are to: inform and enable whole-of-ecosystem metrics to cultivate the most efficacious data logistics possible; drive out control failures; and measure subsequent ecosystem performance changes, the same way public health agencies employ manage disease propagation.

The APWG Crypto Currency Working Group (CCWG) was inaugurated to help cryptocurrency exchanges, wallet hosters, trading platforms and investment funds as well as security teams protect themselves and their customers against phishing and cybercrime – and established a data endpoint on the APWG’s eCrime eXchange (eCX) for wallet addresses associated with cybercrime events. Today, the CCWG’s /crypto API endpoint on the APWG’s eCrime eXchange is delivering hundreds of millions of data entities per month outbound to its members, providing event records in a complete and verbose schema that provides key primary wallet address data for those payment instruments suspected of providing cash out mechanisms for scams and racketeering operations.

The APWG Applied Research Secretariat was established to formalize programs of R&D that historically arisen from the dialog emerging from APWG’s uniquely innovative community and completed in an ad hoc development modality. The secretariat’s role is to understand the interests of the larger counter-cybercrime community,  recognize opportunities to satisfy their needs for data resources, metrics, policies and conventions (distinguished by not being products or services) and organize the underwriting required for their research, development and ultimate deployment. The APWG prioritizes its selection of applied research programs by their utility in suppressing all of the cybercrimes they target in a public-health model of intervention.

The Symposium on Global Awareness was founded to establish strategies for cybersecurity awareness at global scale with the development and deployment of messaging assets and tools as a form of cybercrime prevention – and to present resources for deployment of national and globalized cybersecurity awareness campaigns. This annual research and advocacy symposium promotes exchange of best practices for cybersecurity awareness campaign deployment at the national and transnational levels – and introduces the latest research in the behavioral factors that contribute to cybercrime’s success – and that can inform cybercrime’s suppression through awareness campaigns and education. Over the years, Awareness has been hosted by the United Nations (Office of Drugs and Crime) and the European Commission and underwritten by many commercial sponsors as well as the Council of Europe.

The APWG Data Policy Symposium explores and delineates how all sectors can not only comply with the provisions of data protection and privacy legislation but to investigate how they can be leveraged to to codify exchange of all kinds of data necessary for cybercrime prevention, response and investigation. Typically, this symposium gives equal weight to law and regulations; implementation/interpretations thereof that impact operations and inter-enterprise data exchange; and the risk and liability management issues attedant these still nascent laws and regulations.

The APWG Malicious Domain Suspen sion (AMDoS) system enables Accredited Interveners to submit suspected malicious domain names for investigation and suspension by Sponsoring Registrars. AMDoS orders and systematizes suspension requests through a formal process that ensures the credibility of malicious domain reporters and integrity of their suspension requests − and speeds them on their way to the Registrars of record. The program, launched initially with 12 Registrys of gTLD and ccTLDs, is now suspended and being reconsidered as a notification system that would deliver attestations exclusively to Sponsoring Registrars, explicitly reflecting the update in the ICANN RAA contracts of 2013.

The APWG.EU was established as Fundación APWG European Union, a scientific research foundation dedicated to the advancement of cybercrime research as a discrete discipline in the EU and beyond. The organization provides a forum for cybercrime researchers from academic, industry and law enforcement developing their research programs; to cultivate the university research community dedicated to cybercrime; and to advise government, industry, law enforcement and treaty organizations of the EU on the nature of cybercrime – and resources necessary for its programmatic suppression.

The eCrime Researchers Sync-Up was inaugurated in 2010 in collaboration with University College Dublin (UCD) as a chalk-talk session for academic researchers. Sync-Up quickly hybridized over the years into a multi-disciplinary multi-sector program for police and researchers of all stripes, covering cybercrime investigation and remediation from behavioral aspects to advanced technical exploits. Presentations were made by industrial interveners, operations personnel, and cybercrime law enforcement officers as well as academic and industrial researchers.

STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations.  APWG proposed a ‘messaging convention’ of unified awareness assets to its members in 2008 and 2009 and worked with co-founder National Cybersecurity Alliance (NCSA) to muster the initial coalition in June of 2009 and complete the R&D for such a campaign. The campaign was officially launched in October of 2010 when the United States Department of Homeland Security announced the adoption of the campaign for the United States of America. Today the STOP. THINK. CONNECT. campaign and has been deployed in 23 nations with scores more national campaigns in some phase of deployment and/or due diligence.

The APWG and United States Internal Revenue Service designed and established the Fax Back Phishing Education Program to instruct consumers about protecting themselves against offline phishing scams at the “most teachable moment”: when they have just responded to a phishing communication via fax. The Fax-Back warning and instruction page is offered to online faxing services, telcos and hosts of Fax-over-IP applications (FoIP) so that they can help advise consumers and enterprise IT users who have fallen prey to scams animated by these services’ compromised infrastructure.

APWG and Carnegie Mellon Cylab Usable Privacy and Security Laboratory (CUPS) established the APWG/CMU Phishing Education Landing Page program in 2008 to lead credulous users who’ve clicked on links to phishing websites to educational resources that shows them how to avoid such online hazards.  The initiative instructs consumers on online safety at the “most teachable moment”: when they have just clicked on a link in a phishing communication.

The Symposium on Electronic Crime Research (APWG eCrime), was founded in 2006 to provide a comprehensive venue to present and publish research into electronic crime, engaging every aspect of its evolution – as well as technologies and techniques for cybercrime detection, response, forensics and prevention. APWG eCrime’s proceedings are published by the IEEE and remains the only peer-reviewed research conference hosted exclusively for cybercrime studies.

The Phishing URL Block List (UBL) was inspired by industry’s need for clearance of phishing attack data between ISPs, defending brandholders and anti-virus companies in late 2003 when phishing first menaced anglophone democracies. UBL functionality was subsumed and expanded through the APWG eCrime eXchange and its RESTful API, to inform forensic routines and security applications.

The quarterly APWG Phishing Activity Trends Report has been providing metrics of phishing attacks against brands, TLDs, industrial categories and national economies since (northern hemisphere) Fall of 2003. As such, Trends is one of the most useful and quoted periodicals in the counter-cybercrime community, trusted with equal confidence by the private and public sectors and the larger NGO community.