Cybercrime as a Service

Hijacking WhatsApp, encrypting hospital data and stealing corporate secrets. The world of cybercrime is varied and mysterious. But lately, cybercrime is getting more and more accessible for non-technical people. It is called Cybercrime as a Service and as you might have guessed, it is hacking on demand. But is it just as popular as the Netflix-subscription you probably have? Let’s find out!

Software as a Service is very common nowadays, this is a business model that suits the continuous development of a platform and by splitting the payments into small chunks, customers are prepared to pay more over a longer period of time compared to a bigger initial investment. One of the best examples for this must be Adobe, they first launched their Creative Cloud for Software as a Service in 2011. Starting to change the definition of ownership in terms of software. Today, people are used to paying small monthly amounts for services, you likely have a few yourself.

So the payment-model makes sense but if you pay for software, you will still need to know how to use it right? Sadly, no. It has been possible to hire servers with malicious software in them to launch attacks from for as long as the internet is around. But lately, there has been a change in this line of business. Hackers are developing dangerous software in a user-friendly way, enabling non-techies to use the software as well. And the weirdest thing is; some even have customer-support!

Since many people are working from home lately, there are increased security risks. Where a company only had to secure their systems for use within a secure and manageable network, now their devices can get exposed to many treats they did not have to deal with before. This means the attack-surface of companies is increasing when people are working from home. It comes to no surprise that cybercrime is increasing in the last few months because of this.

Common services these groups provide are DDoS-attacks and ransomware-attacks. DDoS-attacks or Distributed Denial of Service attacks are a popular way to disrupt the accessibility of a website or service. By using many different computers (commonly from a botnet) and making them request the same page on a website, the server will get overloaded and stops responding. Once this attack is stopped the server will mostly come back online. Ransomware-attacks are frequently in the news lately. By infecting machines without the user knowing it, it will spread within a network and once the command is given, it will start encrypting all the data on the network. This will make the data inaccessible without the encryption key. This key is mostly given after a payment is made. Additionally, some hackers are using this software in another way. Once they get the access they will try and extract sensitive data from the network before encrypting it. This data can be used as leverage to pay the ransom. Since a huge spike of network-traffic will most likely raise some concerns, this data is mostly extracted over a few months. This way the hacker does not rais any suspicion of his presence.

The danger of Cybercrime as a Service is not only the new people who would be able to use it but it also creates a passive income for the hackers that created it, enabling them to invest more time and money into the development of it. And don’t be mistaken, these hackers are not just bored 16-year olds. These are big organized criminal organizations. It might sound interesting to block access to the site of your competitor on an important day to increase your sales but when this kind of software is as accessible like this, the fallout can be enormous.

Since this kind of attacks are becoming more common, companies have to invest time and money into decent online security. By training employees, setting up secure environments, and gathering security-audits from external parties, you can greatly reduce the risk of falling victim to these attacks. If you are interested in a security-audit, please feel free to contact us, we are happy to help!