Abstract
Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we did not only identify sequential phases, but also illustrate the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.
| Original language | English |
|---|---|
| Article number | 100548 |
| Number of pages | 10 |
| Journal | Computers in Human Behavior Reports |
| Volume | 17 |
| DOIs | |
| Publication status | Published - Mar 2025 |
Funding
This project was funded by the Amsterdam University of Applied Sciences and the Police Academy of the Netherlands (project number P.0004540822).
| Funders | Funder number |
|---|---|
| Hogeschool van Amsterdam | |
| Politieacademie | P.0004540822 |