By now, we all have a fair idea on IT abbreviations such as SaaS (Software-as-a-Service) and PaaS (Platform-as-a-Service). Here’s a relatively new service Cybercrime-as-a-Service or Crimeware-as-a-Service that is removing the entry level barriers to launch cyber attacks. It’s a service that’s fast catching up in Internet’s underground. The kits are available for as low as $2-10.
There are a few premium services that are available at $100-700 a week that comes with value-added services like 24/7 support. Why, even hourly packages too are being offered.
Like in SaaS and PaaS, cyber criminals are offering infrastructure amateur hackers and resource-poor hackers who want to make a quick buck by doing online scams and botnet attacks. They rent the infrastructure that they ‘acquired’ by infecting them malicious software, facilitating the small players to launch their own online scams.
Matured hackers are not interested in attacking a single individual for attacks. They steal sensitive user credentials in large numbers and sell the info underground for individual hackers and groups. Stealing users’ information in large numbers is an old practice in the underground.
They build botnets (the network of computers that are compromised) and rent the networks and other IT infrastructure that has been taken under their control.
“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have expensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off. We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams,” Tarun kaura, Director (Solution Product management for Asia-Pacific and Japan) of Symantec, points out.
“There is a strong competition in the marketplace for this service and this could lead to innovation to provide more advanced, differentiated and stealthier services,” a senior executive of RSA said, pointing out that there was a fierce competition in this space.
The differentiators could include enabling interactions with the victims or providing control panel options for extending the lock period (of PCs that are under their control).
Other offersIn order to attract new users, the cybercrime-as-a-service players are coming out with offers such as Try-before-you-buy and money back guarantees for fraud services.
Security experts have also noticed growing collaboration between different CaaS players. They are joining hands to build phishing kits and put them on sale to other scammers who want to quickly launch information-stealing campaigns.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.