Here’s a late night infomercial for you: How’s that burger flipping going? That cubicle working out ok? Anyway, I’m sure your boss is such a nice guy. Guess what! If you’re interested in a career in criminal hacking, you don’t even need a computer! This special, one-time offer comes to you right now from the Internet! Get your credit card ready!
Yes people, it’s right here, right now and this is no joke. Everything you need to conduct cybercrime can now be outsourced—getting target emails, conducting research, creating malware, executing an attack—all of it! Today’s cybercriminals don’t need great technical expertise, or even to own a computer. Everything is available for a price.
I often hear people say, “If criminals just used their skills for good, think of how much money they could make and how much better the world would be.” The sad fact is the bad guys can make in one day what the good guys make in a year.
In the paper “Cybercrime Exposed: The cybercrime economy and its services-based nature,” Raj Samani, vice president and CTO of McAfee, exposes the shift that has placed cybercrime in the hands of everyday people. The growth of the cybercrime “as-a-service” business model allows cybercriminals to execute attacks at considerably less expense than ever before. From renting services to buying email lists for a small sum, the types of exploits that are now available with a click of the button are shocking.
The four categories of cybercrime as a service are:
- Research-as-a-Service—One of the primary uses of research is the discovery and identification of vulnerabilities in software or operating systems. This information can be sold for bad or good purposes, which is why this is considered a gray market. It becomes cybercrime when knowledge of these vulnerabilities is sold on the black market so cybercriminals can use the “holes” to exploit users.
- Crimeware-as-a-Service—This is what you’d expect to find for sale on the black market. It involves the sale of tools, or the development of tools, that can be used by the bad guys to carry out a cybercrime attack. It also includes the sale of hardware that may be used for financial fraud (for example, card skimming) or equipment used to hack into systems.
- Cybercrime Infrastructure-as-a-Service—Once the toolset has been developed, cybercriminals are faced with the challenge of delivering their exploits to their intended victims. An example of cybercrime infrastructure is the rental of a network of computers controlled by a hacker (known as a botnet) to carry out a denial-of-service (DoS) attack (where the criminal floods a target website with large amounts of traffic so users can’t access the site).
- Hacking-as-a-Service—Acquiring the individual components of an attack remains one option, but there are services that allow a criminal to outsource everything about the attack. This path requires minimal technical expertise, although it is likely to cost more than acquiring individual components, and is often used by criminals wanting to obtain information such as bank credentials, credit card data, and login details to particular websites.
While the news is grim, the solutions are not. Here’s what you can do to protect yourself from the bad guys.
- For starters, use comprehensive security on all your devices, like McAfee All Access, that includes antivirus, anti-phishing, anti-spyware and anti-spam, and a firewall
- Keep your browser and your devices’ operating systems updated to make sure you receive critical security patches
- Beware of any emails that might contain infected links
- Secure your wireless connection by using encryption
And if you do decide to go into the business of being a criminal, make sure you have money in reserves for a lawyer because law enforcement and companies like McAfee are relentless in the pursuit of criminal groups or networks who steal your money, your information, or your identity and of those who engage in online abuse of children.