Financial analysis of Russian cyber threat actors
286 total views
The Russian government engages in malicious cyber activities both passively and actively[1]M. J. Kari and K. Pynnöniemi, “Theory of strategic culture: An analytical framework for Russian cyber threat perception,” Journal of Strategic Studies, pp. 1–29, Sep. 2019, doi: … Continue reading. This approach allows independent and state-sponsored threat actors freely conduct cyberattacks, including cyber espionage, sabotage, and ransomware attacks against non-Russian geolocations and entities, comprising citizens, for-profit companies, public organisations, and governments, respectively conduct social and political activities. The following questions are raised by this strategic approach. 1) What is a for-profit organization’s likely income? 2) What are the operating costs of a government-related threat actor?
This blog introduces a thought-experiment-like analysis of TA542 and APT28 threat actors. APT28’s case, being a state-sponsored threat actor, encompasses cost-related cash flows for which we use NPV calculation with an available social discount rate series regarding Russia. On the other hand, TA552’s case needs a more comprehensive evaluation methodology due to the financial motives they operate. We use the Adjusted Present Value (APV)[2]S. C. Myers, “Interactions of Corporate Financing and Investment Decisions-Implications for Capital Budgeting,” J Finance, vol. 29, no. 1, pp. 1–25, Mar. 1974, doi: 10.2307/2978211.. APV’s approach is to analyse financial manoeuvres separately, then add their value to that of the business, it involves less input in the calculation of company assets, and it uses to discount cash flows assuming unleveraged operations.
This blog’s original version, with deliberate faults, was part of an experiment with a predatory journal. However, the topic is highly relevant, and the following content is the revised and improved version of the manuscript.
1. TA542 – a private-company project
1.1. Short introduction of TA542
Based on the threat intelligence report of the CERT-FR[3]CERT-FR, “The malware-as-a-service Emotet,” Feb. 2021. Accessed: Jan. 27, 2023. [Online]. Available: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf, the French governmental Computer emergency response team (CSIRT), the TA542 threat actor is seemingly a Russian cybercriminal group responsible for the Emotet botnet that was initially recognised in 2014 as a banking trojan. Its first three versions targeted banking clients to carry out automatic fraudulent transfers from compromised bank accounts. However, until 2015, others could initiate such transfers because TA542 sold Emotet on underground forums at that time. After that, Emotet became available to a possibly limited set of clients. In 2017, TA542 removed Emotet’s banking-trojan-horse capability and modified the botnet to be able to distribute other malware, becoming a MaaS, having self-operated modules (such as spamming, credential stealing, email harvesting, and spreading on local networks[4]Proofpoint, “Threat Actor Profile: TA542, From Banker to Malware Distribution Service,” May 15, 2019. … Continue reading). Bots were separated into three independent infrastructures: Epoch 1, Epoch 2, and Epoch 3. These botnets were inactive several times a year for maintenance and hiding.
Although law enforcement and judicial authorities disrupted Emotet worldwide in January 2021[5]EUROPOL, “World’s most dangerous malware EMOTET disrupted through global action,” Jan. 2021. … Continue reading, it resumed operations in November 2021, running on two separate infrastructures: Epoch 4 and Epoch 5[6]B. Duncan, “Emotet Summary: November 2021 Through January 2022,” Unit 42, May 17, 2022. https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/#Emotet-in-November-2021 (accessed … Continue reading. The fact of the return is not surprising, as TA542 is continually improving the applied tactics, techniques, and procedures[7]P. Paganini, “Experts analyzed the evolution of the Emotet supply chain,” Oct. 11, 2022. https://securityaffairs.co/136935/malware/emotet-evolution-ttps.html (accessed Jan. 27, 2023)..
1.2. Data and analysis
Although the TA542 group’s botnet has been active since 2014, there was a decision point in 2017 on whether it should remain as a banking trojan or be modified to be a MaaS, respectively denoted as Alternative A and Alternative B. We check the alternatives based on available data and rough estimates.
For Alternative A, displayed in Table 2, we consider that the banking trojan was rented for $600 [[8]Deloitte, “Black-market ecosystem Estimating the cost of “Pwnership”,” Dec. 2018. Accessed: Jan. 31, 2023. [Online]. Available: … Continue reading p. 15] in 2017, increasing annually with the inflation rate, with 100 times usage per month from 2014. At the same time, the group uses Emotet to infect victims’ machines and account transfers 1 000 times yearly with $700 [[9]B. H. Custers, R. L. Pool, and R. Cornelisse, “Banking malware and the laundering of its profits,” Eur J Criminol, vol. 16, no. 6, pp. 728–745, Nov. 2019, doi: 10.1177/1477370818788007. p. 13] on average without inflation. Believing a smaller organisation, the labour count is 10. The CAPEX encompasses $500 thousand in investments annually, growing by the inflation rate.
On the other hand, in the case of Alternative B, depicted in Table 3, the income origins from MaaS renting services and profit shares on incomes of Emotet’s customers [[10]CERT-FR, “The malware-as-a-service Emotet,” Feb. 2021. Accessed: Jan. 27, 2023. [Online]. Available: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf, p. 7]. Using this information, we take that the MaaS renting is $2 000 with an amount of 500 for each “customer” and the MaaS profit share has the amount of $2 million annually beginning with 2018. As far as publicly known, TA542 collaborated with several known and believed threat actors [[11]CERT-FR, “The malware-as-a-service Emotet,” Feb. 2021. Accessed: Jan. 27, 2023. [Online]. Available: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf, pp. 7–9], such as Wizard Spider (Trickbot 2017-2020, Ryuk 2019-2020, Conti, 2020), Lunar Spider (IceId 2017-2018, AZORult 2018-2020), Doppel Spider (DoppelDridex 2019-2020), Evil Corp (Dridex 2017-2020, Dridex 2017-2020), and Black Basta (QakBot 2017-2020). Moreover, there are botnets with unknown threat actors with which T542 worked, like ZeusPanda (2018), UmbreCrypt (2017), SilentNight (2020), and Noselesn (2018-2019).
The nearest approximation regarding the extent of a threat actor’s membership that has been publicly found is Trickbot. In 2022, a current estimate said Trickbot had members between 100 and 400[12]M. Burgess, “Inside Trickbot, Russia’s Notorious Ransomware Gang,” Wired, Jan. 02, 2022. https://www.wired.co.uk/article/trickbot-malware-group-internal-messages (accessed Jan. 31, 2023)., from which we take a constant 100. Finally, we consider that CAPEX was initially $1 million, growing annually with the inflation rate, and use the unleveraged total beta for a Software (Internet) company as the cost of capital.
Although the two alternatives’ evaluation takes thought-based inputs, the ratio between them must mirror the reality except for tax paying, unless TA542 would not have chosen to turn toward MaaS.
Table 2. TA542-related cost estimation thought experiment in the year 2017 on whether Emotet should remain as a banking trojan
| 2017 | 2018 | 2019 | 2020 | |
| Revenue | $1 420.00 | $1 440.74 | $1 473.85 | $1 500.00 |
| Banking trojan | $720.00 | $740.74 | $773.85 | $800.00 |
| Account transfers | $700.00 | $700.00 | $700.00 | $700.00 |
| OPEX | ($415.79) | ($499.40) | ($527.09) | ($515.77) |
| Labour costs | ($315.79) | ($396.52) | ($419.62) | ($404.66) |
| Other costs | ($100.00) | ($102.88) | ($107.48) | ($111.11) |
| EBITDA | $1 004.21 | $941.34 | $946.75 | $984.23 |
| Depreciation | ($0.00) | ($0.00) | ($0.00) | ($0.00) |
| Amortisation | ($100.00) | ($202.88) | ($310.36) | ($321.47) |
| EBIT | $904.21 | $738.46 | $636.39 | $662.76 |
| Taxes | ($180.84) | ($147.69) | ($127.28) | ($132.55) |
| Net income | $723.37 | $590.77 | $509.11 | $530.21 |
| CAPEX | ($500.00) | ($514.40) | ($537.39) | ($555.56) |
| PV | $274.46 | $208.65 | $184.31 | $172.94 |
| NPVexplicit | $840.36 | |||
| PVimplicit | $2 142.10 | |||
| NPVexplicit+implicit | $2 982.45 |
Note Amounts display values in thousands
Table 3. TA542-related cost estimation thought experiment in the year 2017 on whether Emotet should be modified to be a MaaS
| 2017 | 2018 | 2019 | 2020 | |
| Revenue | $5 000.00 | $16 403.20 | $12 747.87 | $13 111.15 |
| MaaS renting | $5 000.00 | $9 201.60 | $7 373.94 | $7 555.58 |
| MaaS profit share | $5 000.00 | $7 201.60 | $5 373.94 | $5 555.58 |
| OPEX | ($3 257.92) | ($4 068.06) | ($4 303.64) | ($4 157.68) |
| Labour costs | ($3 157.92) | ($3 965.18) | ($4 196.16) | ($4 046.57) |
| Other costs | ($100.00) | ($102.88) | ($107.48) | ($111.11) |
| EBITDA | $1 742.08 | $12 335.14 | $8 444.23 | $8 953.47 |
| Depreciation | ($0.00) | ($0.00) | ($0.00) | ($0.00) |
| Amortisation | ($200.00) | ($405.76) | ($620.72) | ($642.94) |
| EBIT | $1 542.08 | $11 929.38 | $7 823.52 | $8 310.53 |
| Taxes | ($308.42) | ($2 385.88) | ($1 564.70) | ($1 662.11) |
| Net income | $1 233.66 | $9 543.50 | $6 258.81 | $6 648.43 |
| CAPEX | ($1 000.00) | ($1 028.80) | ($1 074.79) | ($1 111.12) |
| PV | $368.07 | $6 665.43 | $3 792.71 | $3 609.28 |
| NPVexplicit | $14 435.49 | |||
| PVimplicit | $56 888.76 | |||
| NPVexplicit+implicit | $71 324.25 |
Note Amounts display values in thousands
2. APT28 – a government project
2.1. Short introduction of APT28
Based on the review in[13]Z. Bederna and T. Szádeczky, “Cyber espionage through Botnets,” Security Journal, vol. 33, pp. 43–62, 2019, doi: 10.1057/s41284-019-00194-6., APT28 is believed to be active since 2004. However, their activities have been revealed in more details since 2014. From late 2014 through 2016, the group covertly spied on the Ukrainian military by compromising an official mobile application developed by the Ukrainian army, affecting more than 9 000 artillery personnel. In 2016, it targeted the United States (US) Democratic political party, the Organization for Security and Cooperation in Europe (OSCE), Germany’s Christian Democratic Union (CDU), and the World Anti-Doping Agency (WADA). At the beginning of 2017, group members attacked multiple International Olympic Winter Sports Federations due to the sanction affecting game participation. Later, they targeted the hospitality sector affecting individuals staying in hotels throughout Europe and the Middle East. Furthermore, APT28 compromised the German “Informationsverbund Berlin-Bonn” (IVBB) network, the German federal chancellery, the German parliament, federal ministries, the Federal Audit Office, and other security entities. In early February 2018, a new cyber espionage campaign of APT28 was recognised that targeted Ministries of Foreign Affairs.
2.2. Data and analysis
To examine APT28-related costs, we take the years from 2014 to 2018 as the explicit interval when the group was already recognised and known to be frequently active. We consider a labour count of 500 based on[14]C. Miller, “Kim Jong-il and me: How to build a cyber army to attack the U.S.,” in DEF CON 18, 2010. Accessed: Dec. 21, 2022. [Online]. Available: … Continue reading, an annual $1 million CAPEX growing by the inflation rate, and the SRTP as the cost of capital. As we evaluate only the cost-related cash flows, we use NPV. According to the rough estimate in Table 4, an APT28-like threat actor can keep up with millions of dollars annually.
Table 4. APT28-related cost estimation
| 2014 | 2015 | 2016 | 2017 | 2018 | |
| OPEX | ($17 661.72) | ($11 810.70) | ($11 167.20) | ($15 789.60) | ($19 825.92) |
| Labour costs | ($17 661.72) | ($11 810.70) | ($11 167.20) | ($15 789.60) | ($19 825.92) |
| CAPEX | ($1 000,00) | ($1 155,30) | ($1 236,63) | ($1 282,14) | ($1 319,07) |
| PV | ($18 083,06) | ($12 174,37) | ($11 285,40) | ($15 050,78) | ($18 063,79) |
| NPV | ($74 657,41) |
Note Amounts display values in thousands
3. Conclusion
Based on the available data and achieved estimates, Russia relinquishes tax incomes for prejudicing non-Russian entities by financially motivated threat actors. In addition, it maintains the state-sponsored threat actors with relatively low costs; on the other hand, the expenditure for its operations is probably much higher than the unpaid tax by the financially motivated threat actors.
This behaviour of Russia regarding cyberspace is unethical but successful, providing struggle and regular losses for entities in non-friendly territories and financial and non-financial gains for Russian entities. Strategies for pushing back the Russian malicious cyber threat activities can be realised on the threat-actor level or state level. At the threat-actor level, cybersecurity professionals are constantly involved in warding off cyberattacks.
Acknowledgements
The data presented in this study are openly available in Open Science Framework (OSF) at https://dx.doi.org/10.17605/OSF.IO/SHQ5G.
Methodology development
Analysing a bunch of cash flows (CF) arising at a different time in the examined interval needs a specific approach given by discounted cash-flow methodologies. These methodologies involve forecasting future cash flows and then discounting them to their present value at a rate that reflects their riskiness. So, the valuation of a project or a whole company based on projected future cash flows is adjusted for the time value of money to calculate the present value (PV) to determine the net present value (NPV). A project evaluation works with cash flows within the forecast period and the terminal value representing the cash flow stream after the forecast period[15]P. Fernández, “Valuing companies by cash flow discounting: ten methods and nine theories,” Managerial Finance, vol. 33, no. 11, pp. 853–876, 2007, doi: 10.1108/03074350710823827., for which we choose the perpetual growth to the terminal value. The perpetual growth (Gordon Growth Model)[16]M. J. Gordon and E. Shapiro, “Capital Equipment Analysis: The Required Rate of Profit,” Manage Sci, vol. 3, no. 1, pp. 102–110, Oct. 1956, doi: 10.1287/mnsc.3.1.102. assumes that the given activity will continue to generate cash flows at a constant rate. The exit multiple expects the company to sell for a multiple of some market metric.
To determine the value of the expected expenses and returns before starting the investment, one must apply the following formula:
Discount rates
Although NPV calculation is an essential tool in investment calculation, it has drawbacks[17]H. Gaspars-Wieloch, “Project Net Present Value estimation under uncertainty,” Cent Eur J Oper Res, vol. 27, pp. 179–197, 2019, doi: 10.1007/s10100-017-0500-0., one of which is the sensitivity, determining reasonable interest rates. Furthermore, evaluating a private company or a government project requires different treatment.
Discount rate of a private-company threat actor
From a financial perspective, most assets are exposed to risks, and riskier investments need higher compensation returns. A prominent solution is the Capital Asset Pricing Model (CAPM)[18]W. F. Sharpe, “Capital asset prices: A theory of market equilibrium under conditions of risk,” J Finance, vol. 19, no. 3, pp. 425–442, Sep. 1964, doi: 10.1111/j.1540-6261.1964.tb02865.x. for calculating the cost of capital, discussed in detail in[19]M. A. Elbannan, “The Capital Asset Pricing Model: An Overview of the Theory,” Int J Econ Finance, vol. 7, no. 1, pp. 216–228, Dec. 2014, doi: 10.5539/ijef.v7n1p216., giving the following formula:
In the above equation, the 
together is the risk premium an investor expects to receive from holding a particular stock or portfolio above the risk-free assets.
In that case, the given entity does not use any debt (D) for its operation (D = 0), i.e., it is considered unleveraged, and so, no tax shield would decrease the payable taxes. In this case, the corporate interest rate equals the shareholder interest rate. On the other hand, if a company is leveraged, the weighted-average cost of capital (WACC) must be considered, discussed in detail by Frank et al.[20]M. Z. Frank and T. Shen, “Investment and the weighted average cost of capital,” J financ econ, vol. 119, no. 2, pp. 300–315, Feb. 2016, doi: 10.1016/j.jfineco.2015.09.001.. The WACC encompassing the tax shield is calculated by the following formula:
Unless the threat actor has a legally registered entity, it is not entitled to borrow from legal entities, but at the same time, it is not required to pay taxes. However, because we are examining the specific scenario when a threat actor how much tax would pay if it were a legal entity, we consider the TA542 threat actor as an unleveraged company. At the same time, except the threat-actor private company is not only a legal entity but a publicly traded firm (which is obviously not), it operates the business with higher risks, represented by the total beta defined by Damodaran[21]A. Damodaran, Investment Valuation: Tools and Techniques for Determining the Value of Any Asset, 3rd edition. John Wiley & Sons, 2012.. The total beta is calculated by the following formula:
The total beta has a higher value than the market beta, depending on the correlation between the firm and the market, since a threat actor may tackle fluctuating income and higher personal risks of being a sitting duck and, in the case of a wrong step, its members being arrested.
Discount rate of a government threat actor
Calculating the cost of capital for public projects needs special attention because of the limited quantifiability of the benefits. Two estimates are generally available for public projects, which are the social rate of time preference (SRTP) and the social opportunity cost of capital (SOC)[22]V. Kazlauskienė, “Application of Social Discount Rate for Assessment of Public Investment Projects,” Procedia Soc Behav Sci, vol. 213, pp. 461–467, Dec. 2015, doi: 10.1016/j.sbspro.2015.11.434.. The commonly accepted method of calculating SRTP is the Ramsey formula[23]F. P. Ramsey, “A Mathematical Theory of Saving,” The Economic Journal, vol. 38, no. 152, pp. 543–559, 1928, doi: 10.2307/2224098.:
The SOC approach is based on the race of private and public projects for funds. So that the returns of public projects cannot fall below the returns of the competing private projects; else, the community welfare would require the reallocation of funds[24]V. Kazlauskienė, “Application of Social Discount Rate for Assessment of Public Investment Projects,” Procedia Soc Behav Sci, vol. 213, pp. 461–467, Dec. 2015, doi: 10.1016/j.sbspro.2015.11.434.. There are more estimations of the SOC value, such as the high-grade corporate bonds[25]M. A. Moore, A. E. Boardman, A. R. Vining, D. L. Weimer, and D. H. Greenberg, “‘Just give me a number!’ Practical values for the social discount rate,” Journal of Policy Analysis and … Continue reading and the marginal pretax rate of return on riskless private investments[26]J. Zhuang, Z. Liang, T. Lin, and F. D. xDe Guzman, “Theory and practice in the choice of social discount rate for cost-benefit analysis: a survey,” May 2007. Accessed: Jan. 26, 2023. [Online]. … Continue reading.
Supplementary data
In analysing TA542 and APT28 data, we use the supplementary data displayed in Table 1. Furthermore, we take amortisation linearly in five years, commencing next month from the purchase date[27]Fenebris, “What useful life should be considered when estimating the TAB factor of an intangible asset?,” 2020. http://www.taxamortisation.com/tax-amortisation-benefit/russia.html (accessed Jan. … Continue reading, but assuming the purchases happen at the beginning of each year, we take the amount of the minimum wages with a multiplicity factor being 20.
Table 1. Supplementary data for case studies
| 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | |
| Yearly averaged RUB to USD[28]ExchangeRates, “Russian Rouble (RUB) to US Dollar (USD) exchange rate history,” 2023. https://www.exchangerates.org.uk/RUB-USD-exchange-rate-history.html (accessed Jan. 31, 2023). | 0.0265 | 0.0165 | 0.015 | 0.0172 | 0.016 | 0.0155 | 0.0139 |
| Minimum monthly Russian wages in RUB[29]WageIndicator Foundation, “Minimum Wage – Russia,” 2023. https://wageindicator.org/salary/minimum-wage/russia (accessed Jan. 31, 2023). | 5 554 | 5 965 | 6 204 | 7 650* | 10 326** | 11 280 | 12 130 |
| Russian inflation rate[30]Macrotrends, “Russia Inflation Rate 1993-2023,” 2023. https://www.macrotrends.net/countries/RUS/russia/inflation-rate-cpi (accessed Jan. 31, 2023). | 7.82% | 15.53% | 7.04% | 3.68% | 2.88% | 4.47% | 3.38% |
| Corporate tax rate in Russia[31]Expatica, “Corporate tax in Russia,” Sep. 12, 2022. https://www.expatica.com/ru/finance/taxes/corporate-tax-in-russia-1071356/ (accessed Jan. 31, 2023). | 20% | 20% | 20% | 20% | 20% | 20% | 20% |
| SRTP in Russia[32]T. Kossova and M. Sheluntcova, “‘Evaluating performance of public sector projects in Russia: The choice of a social discount rate,’” International Journal of Project Management, vol. 34, no. … Continue reading | 3.2% | 3.2% | 3.2% | 3.2% | 3.2% | 3.2% | 3.2% |
| Unleveraged total beta for Russian Software (Internet) companies[33]A. Damodaran, “Data:Archives, Discount Rate Estimation,” 2022. https://pages.stern.nyu.edu/~adamodar/New_Home_Page/dataarchived.html#discrate (accessed Jun. 12, 2022). | 12.92% | 14.99% | 17.03% | 17.82% | 13.59% | 14.36% | 11.88% |
*Calculated as the average of the two available data for the year
**Calculated as the average of the data available for January and December
Zsolt Bederna is a PhD candidate at Óbuda University Doctoral School on Safety and Security Sciences, Hungary, with the research topic of information and communication technology’s security in critical infrastructures. He conducted various research on different perspectives of cybersecurity, such as the Union-level governance as well as national-level and business effects of cyberattacks, including financial and non-financial impacts. He is a security expert in the business area, holding ISACA, ISC(2), and EC-Council certificates. He is the founder and CEO of a cybersecurity consulting firm and a CTO at a startup working with user awareness.
References
| ↑1 | M. J. Kari and K. Pynnöniemi, “Theory of strategic culture: An analytical framework for Russian cyber threat perception,” Journal of Strategic Studies, pp. 1–29, Sep. 2019, doi: 10.1080/01402390.2019.1663411. |
|---|---|
| ↑2 | S. C. Myers, “Interactions of Corporate Financing and Investment Decisions-Implications for Capital Budgeting,” J Finance, vol. 29, no. 1, pp. 1–25, Mar. 1974, doi: 10.2307/2978211. |
| ↑3, ↑10, ↑11 | CERT-FR, “The malware-as-a-service Emotet,” Feb. 2021. Accessed: Jan. 27, 2023. [Online]. Available: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf |
| ↑4 | Proofpoint, “Threat Actor Profile: TA542, From Banker to Malware Distribution Service,” May 15, 2019. https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service (accessed Jan. 27, 2023). |
| ↑5 | EUROPOL, “World’s most dangerous malware EMOTET disrupted through global action,” Jan. 2021. https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action (accessed Jan. 27, 2023). |
| ↑6 | B. Duncan, “Emotet Summary: November 2021 Through January 2022,” Unit 42, May 17, 2022. https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/#Emotet-in-November-2021 (accessed Jan. 27, 2023). |
| ↑7 | P. Paganini, “Experts analyzed the evolution of the Emotet supply chain,” Oct. 11, 2022. https://securityaffairs.co/136935/malware/emotet-evolution-ttps.html (accessed Jan. 27, 2023). |
| ↑8 | Deloitte, “Black-market ecosystem Estimating the cost of “Pwnership”,” Dec. 2018. Accessed: Jan. 31, 2023. [Online]. Available: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-black-market-ecosystem.pdf |
| ↑9 | B. H. Custers, R. L. Pool, and R. Cornelisse, “Banking malware and the laundering of its profits,” Eur J Criminol, vol. 16, no. 6, pp. 728–745, Nov. 2019, doi: 10.1177/1477370818788007. |
| ↑12 | M. Burgess, “Inside Trickbot, Russia’s Notorious Ransomware Gang,” Wired, Jan. 02, 2022. https://www.wired.co.uk/article/trickbot-malware-group-internal-messages (accessed Jan. 31, 2023). |
| ↑13 | Z. Bederna and T. Szádeczky, “Cyber espionage through Botnets,” Security Journal, vol. 33, pp. 43–62, 2019, doi: 10.1057/s41284-019-00194-6. |
| ↑14 | C. Miller, “Kim Jong-il and me: How to build a cyber army to attack the U.S.,” in DEF CON 18, 2010. Accessed: Dec. 21, 2022. [Online]. Available: https://defcon.org/images/defcon-18/dc-18-presentations/Miller/DEFCON-18-Miller-Cyberwar.pdf |
| ↑15 | P. Fernández, “Valuing companies by cash flow discounting: ten methods and nine theories,” Managerial Finance, vol. 33, no. 11, pp. 853–876, 2007, doi: 10.1108/03074350710823827. |
| ↑16 | M. J. Gordon and E. Shapiro, “Capital Equipment Analysis: The Required Rate of Profit,” Manage Sci, vol. 3, no. 1, pp. 102–110, Oct. 1956, doi: 10.1287/mnsc.3.1.102. |
| ↑17 | H. Gaspars-Wieloch, “Project Net Present Value estimation under uncertainty,” Cent Eur J Oper Res, vol. 27, pp. 179–197, 2019, doi: 10.1007/s10100-017-0500-0. |
| ↑18 | W. F. Sharpe, “Capital asset prices: A theory of market equilibrium under conditions of risk,” J Finance, vol. 19, no. 3, pp. 425–442, Sep. 1964, doi: 10.1111/j.1540-6261.1964.tb02865.x. |
| ↑19 | M. A. Elbannan, “The Capital Asset Pricing Model: An Overview of the Theory,” Int J Econ Finance, vol. 7, no. 1, pp. 216–228, Dec. 2014, doi: 10.5539/ijef.v7n1p216. |
| ↑20 | M. Z. Frank and T. Shen, “Investment and the weighted average cost of capital,” J financ econ, vol. 119, no. 2, pp. 300–315, Feb. 2016, doi: 10.1016/j.jfineco.2015.09.001. |
| ↑21 | A. Damodaran, Investment Valuation: Tools and Techniques for Determining the Value of Any Asset, 3rd edition. John Wiley & Sons, 2012. |
| ↑22, ↑24 | V. Kazlauskienė, “Application of Social Discount Rate for Assessment of Public Investment Projects,” Procedia Soc Behav Sci, vol. 213, pp. 461–467, Dec. 2015, doi: 10.1016/j.sbspro.2015.11.434. |
| ↑23 | F. P. Ramsey, “A Mathematical Theory of Saving,” The Economic Journal, vol. 38, no. 152, pp. 543–559, 1928, doi: 10.2307/2224098. |
| ↑25 | M. A. Moore, A. E. Boardman, A. R. Vining, D. L. Weimer, and D. H. Greenberg, “‘Just give me a number!’ Practical values for the social discount rate,” Journal of Policy Analysis and Management, vol. 23, no. 4, pp. 789–812, Aug. 2004, doi: 10.1002/pam.20047. |
| ↑26 | J. Zhuang, Z. Liang, T. Lin, and F. D. xDe Guzman, “Theory and practice in the choice of social discount rate for cost-benefit analysis: a survey,” May 2007. Accessed: Jan. 26, 2023. [Online]. Available: http://hdl.handle.net/11540/1853 |
| ↑27 | Fenebris, “What useful life should be considered when estimating the TAB factor of an intangible asset?,” 2020. http://www.taxamortisation.com/tax-amortisation-benefit/russia.html (accessed Jan. 31, 2023). |
| ↑28 | ExchangeRates, “Russian Rouble (RUB) to US Dollar (USD) exchange rate history,” 2023. https://www.exchangerates.org.uk/RUB-USD-exchange-rate-history.html (accessed Jan. 31, 2023). |
| ↑29 | WageIndicator Foundation, “Minimum Wage – Russia,” 2023. https://wageindicator.org/salary/minimum-wage/russia (accessed Jan. 31, 2023). |
| ↑30 | Macrotrends, “Russia Inflation Rate 1993-2023,” 2023. https://www.macrotrends.net/countries/RUS/russia/inflation-rate-cpi (accessed Jan. 31, 2023). |
| ↑31 | Expatica, “Corporate tax in Russia,” Sep. 12, 2022. https://www.expatica.com/ru/finance/taxes/corporate-tax-in-russia-1071356/ (accessed Jan. 31, 2023). |
| ↑32 | T. Kossova and M. Sheluntcova, “‘Evaluating performance of public sector projects in Russia: The choice of a social discount rate,’” International Journal of Project Management, vol. 34, no. 3, pp. 403–411, Apr. 2016, doi: 10.1016/j.ijproman.2015.11.005. |
| ↑33 | A. Damodaran, “Data:Archives, Discount Rate Estimation,” 2022. https://pages.stern.nyu.edu/~adamodar/New_Home_Page/dataarchived.html#discrate (accessed Jun. 12, 2022). |
Recent posts
Is Georgia Going Back to the Bandwagoning Strategy towards Russia?Following the collapse of the Soviet Union in 1991, Georgia attained autonomy but was soon embroiled in civil war. Additionally, two territories that are currently seized by Russian military forces, Abkhazia and so-called South Ossetia, were lost. The independence obtained by means of struggle was seriously threatened by the nation’s challenging socio economic situation, elite corruption, and high crime rate in the country. […]
Predatory journals and publishers jeopardising (security) science – With the hope this blog can prevent several articles published in such a wayThis blog details the author’s personal experiences with two predatory journals that he obtained by knowingly playing their game in order to write this report. […]
