Malware-as-a-service is cyber criminals' new lucrative business
Organized criminal gangs (OCGs) are increasingly using software services of the type more usually associated with legitimate corporations to grow their operations. By offering malware-as-a-service, OCGs are employing business models similar to those developed by legitimate companies in order to extend their global reach.
The companies providing the software used by OCGs to break into organizations’ IT systems, commonly called malware, now employ business models frequently comprising a revenue stream, a budget, market researchers, a global pool of developers, software quality assurance and testing, help desk support, and even money-back guarantees. This process is now being referred to as the industrialization of cyber crime.
Intelligence and security services now fear that cyber attacks on corporates may start to escalate severely as a result of the proliferation of off-the-shelf malware designed to break into corporate IT systems. Speaking at the recent InfoSec Security Conference in London, US Federal Bureau of Investigation (FBI) agent Michael Driscoll said that the effects of selling malware as a service in this way are potentially devastating.
According to the FBI, the malware-as-a-service industry is currently being controlled by a relatively small group of criminals. Driscoll believes that as few as 200 people may be enabling OCGs to mount sophisticated cyber attacks by selling over-the-counter malware, botnets, distributed denial of service (DDoS) software and other hacking services.
The full scale of the threat is, in any case, hard to quantify accurately. In an effort to disguise their identities, the OCGs offer their services on the Dark Web, where slick websites offer services ranging from illegal drug deliveries to assassinations.
By encrypting communications and using the virtual currency Bitcoin, the OCGs hope to remain anonymous. The increasing globalization of the Internet also makes it all but impossible to track down the shadowy figures behind the industrialization of the criminal web. For example, while the malware development industry in Russia alone is estimated to be worth roughly $2 billion (£1.2 billion) a year, the Russian authorities are reluctant to pursue hackers whose victims are outside Russia.
But there is also evidence that the industrialization of cyber crime may be growing. One clear indication that the global malware market is being directed by the same market forces that govern any industry is the downward pressure on the pricing of some services. A DDoS attack, a relatively old-fashioned form of cyber intrusion, can, for example, be contracted on the Dark Web for under $40 (£25) per hour.
While many organizations now have security systems in place in order to deal with DDoS attacks, many of these intrusions now mask a more sinister trend. But as the most common type of DDoS attack involves overloading the target organization's email service with communication requests, dealing with this form of intrusion is extremely time-consuming for the target organization's IT team.
It is for this reason that OCGs now increasingly see a DDoS attack not as an end in itself but as a smokescreen for a subtler and more sophisticated malware attack. Falling prices in services such as DDoS attacks are evidence of a growing and increasingly competitive industry and should be seen as a warning of more smokescreen DDoS attacks.
Other types of hacking services are also freely available on the Dark Web. Phishing and spear phishing attacks are also being sold as a service. A standard phishing attack involves sending spoof emails in order to gather sensitive information such as passwords and financial data.
A spear phishing attack, on the other hand, is designed to send particularly convincing emails to selected individuals within a targeted organization. Often, a technique referred to as social engineering is used to discover personal details about an executive or selected staff member in order to make the fake email appear more convincing. In some cases, the spear phishing attack merely instructs the unsuspecting target to release a password or transfer funds to a bank account under the control of the OCG. In other cases, the spear phishing email comes with an attachment. Believing this to be from a bona fide source within his/her own organization, the victim of a spear phishing attack will innocently open what appears to be, for example, a straightforward Word document.
But the attachment also contains hidden malware which opens a back door into the target organization’s IT system, giving the OCG untrammeled access to the target organization’s entire database.
Another website active on the Dark Web gave details of an even more sophisticated form of malware, ransomware. This is the software widely used to hold corporations to ransom after encrypting their most sensitive data. Unless the target organization pays the ransom demand within a certain period of time, the files become permanently encrypted or destroyed.
All the malware needed to make these and other types of attack is now available on the Dark Web at a price. Given the growing industrialization and sophistication of malware-as-a-service, companies can expect an escalation in targeted attacks from OCGs.
In order to protect themselves against the newly industrialized cyber crime industry, companies must not continue to rely on traditional anti-virus software, which is virtually useless against modern malware. Instead, they must employ best-practice Twentieth Century software such as KCS Glasswall in order to halt spear phishing and other malware attacks.
This can identify incoming communications and stop anything that comes from an unknown or untrusted source.
Stuart Poole-Robb is the chief executive of the security, business intelligence and cyber security adviser, the KCS Group Europe.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.