The rise and rise of Cybercrime as a Service

When cybercriminals wanted to launch cyberattacks, they once had to know how to code. No longer. Bad actors can now search among any number of underground online sites to buy or lease potent cyberweapons.

In the market for a Russian DDoS booter rental? That costs just $60 for the day or $400 for a week’s lease. Orders over $500 qualify for 10 percent discounts — 15 percent off if you place orders in excess of $1,000.

How about a nifty ransomware kit? One month rentals are available for $1,000. Maybe that’s a bit dear for some, but just think of the return on investment! Besides, prospective customers can test drive the product for 48 hours to see whether they like it.

This is just a brief snapshot. Fact is that illicit businesses on dark web services and other environments host a variety of hidden services and marketplaces that sell the tools of the trade for criminals to rent or buy to launch cyberattacks.

Cybercrime-as-a-service — along with attacks-as-a-service, malware-as-a-service and fraud-as-a-service — has opened a wide digital door to anyone looking to score a quick, illicit buck on the internet.

That’s a big deal. The customers for these wares don’t need to be technically sophisticated anymore. Novices not only can participate but also are being wooed: Many online marketplaces on the dark web actually tout the technical support they can supply to anyone who requires extra handholding. The cybercrime-for-hire business appears to be so robust that hacker gangs reportedly are hard-pressed to keep up with demand.

The presence of this flourishing “as-a-service” market has also attracted growing interest from traditional criminals. These individuals and groups are making use of the service-based nature of the cybercrime market. Researchers at Cambridge found that more than half of the convicted cybercriminals in the UK had records for traditional offences, such as burglary.

From an enterprise security standpoint, the technology threats remain the same. The difference is the number of people who are now able to get involved in cybercrime.

The battle is joined

Even though there’s no evidence that this new cohort of attackers is particularly tech-savvy or poses unique challenges, that’s no solace to organizations that will be in the crosshairs. 

The good news is that IT security experts, who have battled malicious hackers for decades, can apply the knowledge and lessons learned from past experience to meet this new challenge.

As always, it comes down to vigilance in following basic security principles around defense-in-depth along with the promulgation of best practices for employees.

It also speaks to the need to constantly review the existing network infrastructure to analyze potential attack openings, plugging up any gaps in the organization’s defense that may exist.

What’s changed is the need to adjust to the morphing nature of the threat landscape. Attacks are going to come faster and more frequently than ever, and security practitioners need to treat this as the new normal. Otherwise, it’s the same blocking-and tackling that’s helped enterprises deter attacks in the past.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

Copyright © 2017 IDG Communications, Inc.