Industrialisation of cyber crime
The Industrialisation of Hacking has created a cottage industry of professional hackers with business models complete with revenue streams, budgets, market researchers and other trappings of legitimate enterprises.
Software-as-a-Service. Infrastructure-as-a-Service. Platform-as-a-Service. You name it and it seems like you can get it as a service. For hackers it’s Cybercrime-as-a-Service. The phrase might come across as the latest marketing buzzword, but it’s actually an evolution in the Industrialisation of Hacking and it’s compounding the challenges IT security professionals in the Middle East face in combatting attacks.
The Industrialisation of Hacking has created a faster, more effective and more efficient sector profiting from attacks on networks. By monetizing malware with cryptocurrency, these professional, entrepreneurial, and resourceful hackers have created cybercriminal business models that share many similarities with legitimate businesses. They have revenue streams, budgets, market researchers, a global pool of talented developers, QA analysts and testing, help desk support, and even guarantees.
With these tried and true business practices they’re creating and selling effective cybercrime tools and, in the process, closing the gap between sophisticated and unsophisticated attackers. Now anyone is capable of buying and launching a damaging attack relatively easily. We’ve seen this most recently in a renewed rise in exploit kits and a proliferation of ransomware, the proceeds of which allow hackers to innovate faster and target victims with a never-ending stream of unknown attacks.
Today there are 10 billion connected devices but that number is expected to grow exponentially – exceeding 50 billion sensors, objects, and other connected “things” by the year 2020. The number of global threat alerts is increasing year-on-year, and the number and type of attack vectors keep growing as we continue to connect the unconnected. This creates a daunting challenge for those responsible for defending the infrastructure.
The Angler Exploit Kit is a prime example of cybercrime-as-a-service. Since the takedown of the highly effective Blackhole Exploit Kit, ‘customers’ have been taking care to invest in exploit kits known to be technically sophisticated in terms of evading detection. And attackers are realizing it may be wiser to trade dominance for elusiveness: avoiding the spotlight and the attention of authorities that comes with being the number one kit, and continuing to modify kits to maintain fourth or fifth position. The Angler Exploit Kit fits the bill. Angler improves upon previous exploit kits because it has the capability of integrating new exploits, including zero-days, quickly and effectively. It also uses a new technique called Domain Shadowing. The attackers steal users’ domain registration logins and use them to create subdomains without tipping off the actual owner; Domain Shadowing then rotates these subdomains to hide the IP address of the server. Angler avoids standard detection by overloading traditional web security technologies with large numbers of these subdomains that are pointed at malicious servers.
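For defenders, the Domain Shadowing pattern described above (many new subdomains of a legitimate domain, pointed at servers the owner does not use) can be hunted for in DNS logs. The sketch below is an added example, not code from the original article or from any vendor; the log format, the baseline of known-good addresses, the thresholds and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS sample: (timestamp, queried name, resolved IP).
# Names use reserved example domains; IPs come from documentation ranges.
SAMPLE_LOG = [
    ("2015-08-01T10:00:00", "www.example.com", "192.0.2.10"),
    ("2015-08-01T10:01:00", "mail.example.com", "192.0.2.11"),
    ("2015-08-01T10:02:00", "qx7f.example.com", "203.0.113.5"),
    ("2015-08-01T10:03:00", "b91k.example.com", "203.0.113.5"),
    ("2015-08-01T10:04:00", "zz3p.example.com", "203.0.113.9"),
    ("2015-08-01T10:05:00", "m4vd.example.com", "203.0.113.9"),
    ("2015-08-01T10:06:00", "www.example.org", "198.51.100.7"),
    ("2015-08-01T10:07:00", "cdn.example.org", "198.51.100.99"),
]
# Assumed baseline: addresses each owner is known to use (e.g. from DNS history).
BASELINE = {"example.com": {"192.0.2.10", "192.0.2.11"},
            "example.org": {"198.51.100.7"}}

def registered_domain(name):
    # Simplification: last two labels. Real deployments need the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def find_shadowed_domains(log, baseline, min_subdomains=3, window=timedelta(hours=1)):
    """Return {domain: sorted hostnames} where at least min_subdomains distinct
    hostnames resolved to off-baseline IPs within one time window."""
    hits = defaultdict(list)  # domain -> [(time, hostname)]
    for ts, name, ip in log:
        dom = registered_domain(name)
        if dom in baseline and ip not in baseline[dom]:
            hits[dom].append((datetime.fromisoformat(ts), name.lower()))
    flagged = {}
    for dom, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {n for _, n in events[start:end + 1]}
            if len(names) >= min_subdomains:
                flagged[dom] = sorted(set(flagged.get(dom, [])) | names)
    return flagged

if __name__ == "__main__":
    for dom, subs in find_shadowed_domains(SAMPLE_LOG, BASELINE).items():
        print(dom, "->", subs)
```

A single off-baseline hostname, such as the constructed cdn.example.org record, stays below the threshold; the signal is the burst of distinct subdomains, which is why the count and window should be tuned against normal traffic for CDNs and hosting changes.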
Ransomware is another example of an extremely lucrative business. The malware alerts the victim that data files on their computer, such as photos, videos, and documents, have been encrypted and that in order to decrypt the files the victim must pay a ransom. Amounts vary according to the target, maybe a couple of hundred dollars for an individual or thousands for a corporation or government entity. Targeting high-value files makes ransomware very effective in getting users to pay the ransom.
According to the Cisco 2015 Mid-year Security Report, operators of crimeware, like ransomware, are hiring and funding professional development teams to create new variants and tactics, which help them become more profitable while continuing to avoid detection. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin. Criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.