{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T12:41:34Z","timestamp":1761396094480,"version":"3.37.3"},"reference-count":80,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,11,16]],"date-time":"2020-11-16T00:00:00Z","timestamp":1605484800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,11,16]],"date-time":"2020-11-16T00:00:00Z","timestamp":1605484800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,11,16]],"date-time":"2020-11-16T00:00:00Z","timestamp":1605484800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100003343","name":"Cambridge Trust","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003343","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,11,16]]},"DOI":"10.1109\/ecrime51433.2020.9493257","type":"proceedings-article","created":{"date-parts":[[2021,7,27]],"date-time":"2021-07-27T21:07:41Z","timestamp":1627420061000},"page":"1-14","source":"Crossref","is-referenced-by-count":13,"title":["When will my PLC support Mirai? The security economics of large-scale attacks against Internet-connected ICS devices"],"prefix":"10.1109","author":[{"given":"Michael","family":"Dodson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alastair R.","family":"Beresford","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel R.","family":"Thomas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref73","article-title":"Internet-facing PLCs – a new back orifice","author":"klick","year":"2015","journal-title":"BlackHat USA"},{"key":"ref72","article-title":"PLC-Blaster: A worm living solely in the PLC","author":"spenneberg","year":"2016","journal-title":"Black Hat Asia"},{"journal-title":"Global connected IoT devices by type 2017 and 2018","year":"2019","key":"ref71"},{"article-title":"Apple Now Has 1.3 Billion Active Devices Worldwide","year":"2018","author":"clover","key":"ref70"},{"year":"2017","key":"ref76","article-title":"Former systems administrator sentenced to prison for hacking into industrial facility computer system"},{"journal-title":"Federal Bureau of Investigation (FBI)","article-title":"Attacks on Arkansas power grid","year":"2015","key":"ref77"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-75462-8_6"},{"article-title":"Mirai botnet authors avoid jail time","year":"2018","author":"krebs","key":"ref39"},{"article-title":"Malicious control system cyber security attack case study – Maroochy water services, Australia","year":"2008","author":"abrams","key":"ref75"},{"journal-title":"Security Engineering","year":"2008","author":"anderson","key":"ref38"},{"key":"ref78","article-title":"Renault-Nissan resumes nearly all production after cyber attack","author":"frost","year":"2017","journal-title":"Reuters"},{"key":"ref79","article-title":"Zmap: Fast Internet-wide scanning and its security applications","author":"durumeric","year":"2013","journal-title":"USENIX Security Symposium (USENIX Security)"},{"journal-title":"APWG Symposium on Electronic Crime Research (eCrime)","year":"2017","author":"thomas","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355592"},{"journal-title":"Tech Rep","article-title":"Malware Initial Findings Report (MIFR) - 10130295","year":"2017","key":"ref31"},{"journal-title":"Kaspersky","article-title":"Schroedinger’s Pet(ya)","year":"2017","key":"ref30"},{"key":"ref37","article-title":"Out of control: Ransomware for industrial control systems","author":"formby","year":"2017","journal-title":"RSA Conference"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355576"},{"article-title":"DDoS-for-hire service webstresser dismantled","year":"2018","author":"krebs","key":"ref35"},{"journal-title":"Former operator of illegal booter services pleads guilty to conspiracy to commit computer damage and abuse","year":"2019","key":"ref34"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00024"},{"key":"ref62","article-title":"Security research: CODESYS runtime, a PLC control framework","author":"nochvay","year":"2019","journal-title":"Tech Rep"},{"journal-title":"Dragos Inc","article-title":"The ICS landscape and threat activity groups","year":"2019","key":"ref61"},{"journal-title":"3S Codesys Vulnerabilities","year":"2013","key":"ref63"},{"journal-title":"Symantec","article-title":"Petya ransomware outbreak: Here’s what you need to know","year":"2017","key":"ref28"},{"key":"ref64","article-title":"Digital manufacturing on a shoestring: Low cost digital solutions for SMEs","author":"mcfarlane","year":"2019","journal-title":"International Workshop on Service Orientation in Holonic and Multi-Agent Manufacturing"},{"journal-title":"Symantec","article-title":"What you need to know about the WannaCry ransomware","year":"2017","key":"ref27"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/MIE.2017.2649104"},{"journal-title":"Azure sphere","year":"2020","key":"ref66"},{"journal-title":"Kaspersky","article-title":"New Petya \/ NotPetya \/ ExPetr ransomware outbreak","year":"2017","key":"ref29"},{"journal-title":"IoT Driving Verticals to Digitization","year":"2019","key":"ref67"},{"article-title":"Android passes 2.5 billion monthly active devices","year":"2019","author":"protalinski","key":"ref68"},{"year":"2019","key":"ref69","article-title":"PCs installed base worldwide 2013–2019"},{"key":"ref2","article-title":"You snooze, you lose: Measuring PLC cycle times under attacks","author":"niedermaier","year":"2018","journal-title":"USENIX Workshop on Offensive Technologies (WOOT)"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7906943"},{"key":"ref20","article-title":"Understanding the Mirai botnet","author":"antonakakis","year":"2017","journal-title":"USENIX Security Symposium (USENIX Security)"},{"journal-title":"BrickerBot permanent denial-of-service attack","year":"2017","key":"ref22"},{"journal-title":"Description of available datasets","year":"2020","key":"ref21"},{"journal-title":"BrickerBot author retires claiming to have bricked over 10 million IoT devices","year":"2017","author":"cimpanu","key":"ref24"},{"journal-title":"BrickerBot results in PDoS (Permanent Denial of Service) Attacks","year":"2017","key":"ref23"},{"article-title":"NSA officials worried about the day its potent hacking tool would get loose. Then it did","year":"2017","author":"nakashima","key":"ref26"},{"journal-title":"Symantec","article-title":"Equation: Advanced cyberespionage group has all the tricks in the book, and more","year":"2015","key":"ref25"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"ref51","volume":"tr 3 11","author":"moore","year":"2011","journal-title":"Economics and internet security A survey of recent analytical empirical and behavioral research"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186178"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.23919\/CyCon49761.2020.9131734"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3338499.3357361"},{"key":"ref56","article-title":"Project RUGGEDTRAX SCADA\/ICS analysis","author":"radvanovsky","year":"2015","journal-title":"Infracritical Technical Report"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3320326.3320328"},{"key":"ref54","article-title":"ICS threat analysis using a large-scale honeynet","author":"vlad","year":"2015","journal-title":"International Symposium for ICS & Scada Cyber Security Research"},{"journal-title":"Cyber-attack on Hydro","year":"2019","key":"ref53"},{"journal-title":"Dragos Inc","article-title":"TRISIS malware: Analysis of safety system targeted malware","year":"2017","key":"ref52"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"article-title":"Sorry, Shodan is not enough! Assessing ICS security via IXP network traffic analysis","year":"2020","author":"barbieri","key":"ref11"},{"article-title":"FREE] World’s largest net: Mirai botnet, client, echo loader, CNC source code release","year":"2016","author":"senpai","key":"ref40"},{"key":"ref12","article-title":"Measuring the changing cost of cybercrime","author":"anderson","year":"2019","journal-title":"Workshop on the Economics of Information Security (WEIS)"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/IECON.2011.6120048"},{"journal-title":"Electricity Information Sharing and Analysis Center (E-ISAC)","article-title":"Analysis of the cyber attack on the Ukrainian power grid","year":"2016","key":"ref14"},{"journal-title":"Dragos Inc","article-title":"CRASHOVERRIDE: Analysis of the threat to electric grid operations","year":"2017","key":"ref15"},{"journal-title":"F-secure","article-title":"News from the lab archive","year":"2009","key":"ref16"},{"key":"ref17","article-title":"The worm that nearly ate the Internet","author":"bowden","year":"2019","journal-title":"The New York Times"},{"key":"ref18","article-title":"The Downadup codex: A comprehensive guide to the threat’s mechanics","author":"nahorney","year":"2009","journal-title":"Symantec"},{"article-title":"Conficker cashes in, installs spam bots and scareware","year":"2009","author":"keizer","key":"ref19"},{"year":"2020","key":"ref80","article-title":"OARC’s DNS don’t-probe list"},{"key":"ref4","article-title":"Project SHINE (SHodan INtelligence Extraction)","author":"radvanovsky","year":"2014","journal-title":"Infracritical Technical Report"},{"key":"ref3","article-title":"Quantitatively assessing and visualising industrial system attack surfaces","author":"leverett","year":"2011","journal-title":"Mphil thesis"},{"key":"ref6","article-title":"Distinguishing Internet-facing ICS devices using PLC programming information","author":"williams","year":"2014","journal-title":"Master’s thesis"},{"key":"ref5","article-title":"Programmable logic controller modification attacks for use in detection analysis","author":"schuett","year":"2014","journal-title":"Master’s thesis"},{"journal-title":"SHODAN","year":"2020","key":"ref8"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423666"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.134"},{"journal-title":"Censys","year":"2020","key":"ref9"},{"journal-title":"Tech Rep","article-title":"Niagara 4 hardening guide","year":"2019","key":"ref46"},{"journal-title":"Tech Rep","article-title":"Network Security","year":"2019","key":"ref45"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"ref47","article-title":"Industrial Security: Protecting networks and facilities against a fast-changing threat landscape","author":"automation","year":"2016","journal-title":"Tech Rep"},{"article-title":"CONPOT ICS\/SCADA honeypot","year":"2019","author":"rist","key":"ref42"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.13052\/jcsm2245-1439.614"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/IINTEC.2018.8695276"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00072"}],"event":{"name":"2020 APWG Symposium on Electronic Crime Research (eCrime)","start":{"date-parts":[[2020,11,16]]},"location":"Boston, MA, USA","end":{"date-parts":[[2020,11,19]]}},"container-title":["2020 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9493214\/9493247\/09493257.pdf?arnumber=9493257","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,27]],"date-time":"2022-06-27T15:55:45Z","timestamp":1656345345000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9493257\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,16]]},"references-count":80,"URL":"https:\/\/doi.org\/10.1109\/ecrime51433.2020.9493257","relation":{},"subject":[],"published":{"date-parts":[[2020,11,16]]}}}