Malware-as-a-Service: The Commoditization of Cybercrime Infrastructure

The Rise of the Cybercrime Marketplace

In the everything-as-a-service era, cybercriminals have embraced the same business model, offering their illicit wares and capabilities in neatly packaged, pay-per-use services. The cybercrime marketplace has evolved into a managed services industry, where skilled hackers sell their tools and exploits to those with less technical expertise. This trend has dramatically lowered the barrier to entry for would-be cybercriminals, allowing even novices to successfully execute sophisticated cyberattacks.

The commoditization of cybercrime infrastructure, often referred to as “crimeware-as-a-service,” has fueled a surge in attack volumes. Malicious actors no longer need to possess advanced coding skills or invest in developing their own tools. Instead, they can simply rent botnets for distributed denial-of-service (DDoS) attacks, purchase malware to underpin ransomware efforts, or acquire phishing kits – all with the ease of an e-commerce transaction.

This trend has not gone unnoticed by global cybersecurity authorities and law enforcement agencies. A joint advisory issued in February 2022 by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the National Security Agency, the Australian Cyber Security Centre, and the UK’s National Cyber Security Centre (NCSC) highlighted the growing “professionalization” of the ransomware market and the rise in cybercriminal services-for-hire.

Ransomware-as-a-Service: The Gateway to Easier Extortion

At the forefront of the crimeware-as-a-service phenomenon is the proliferation of ransomware-as-a-service (RaaS) platforms. RaaS essentially provides “pay-per-use” malware that can be used to encrypt or steal data, with the goal of extracting a ransom payment from the victim organization.

Under the RaaS model, the malware developer offers their software to “affiliates,” who then deploy the exploit to encrypt or hold data hostage. Typically, the malware creator receives a percentage of the ransom paid by the victim. This arrangement benefits both parties – the malware developer can grow their revenue streams at lower risk, while the affiliate can pursue profitable exploits with little technical skill or long-term investment.

It’s estimated that as many as two-thirds of ransomware attacks are enabled by the RaaS model, and its use is on the rise. A recent report noted that the surge in RaaS offerings in 2021 “lowered the barriers to entry for threat actors, putting highly-effective malware in the hands of more operators.” This has resulted in record-high ransomware incidents, a trend that is expected to continue accelerating in 2022.

The Expanding Cybercrime Ecosystem

The commoditization of ransomware operations doesn’t stop at the malware itself. RaaS operators often provide comprehensive “full-service” offerings, including customer support for affiliates during ransomware campaigns, as well as handling ransom payments and decryption key access.

Additionally, the cybercrime ecosystem has expanded to include specialized roles, such as initial access brokers (IABs) – individuals who find vulnerabilities within organizations and sell that access to ransomware threat actors. The CISA advisory revealed that some cybercriminals also use independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes.

The Phishing-as-a-Service Phenomenon

Phishing remains the top infection vector for ransomware incidents, according to the latest CISA advisory. Here, too, the managed services approach has taken hold, with would-be bad actors able to license pre-made phishing attacks, known as phishing kits, available on the dark web and online marketplaces.

These phishing kits are essentially ready-to-go .zip files packed with the code and resources required to deploy a phishing attack on a web server. As the nefarious application of artificial intelligence (AI) for cybercrime grows, experts warn that AI-enabled phishing and crimeware-as-a-service are likely to emerge as well.

Combating the Commoditization of Cybercrime

The proliferation of crimeware-as-a-service has significantly complicated law enforcement efforts to curb the rise in cybercrime. While government agencies work to address these issues, organizations must ensure their systems are adequately protected and their users remain vigilant.

Implementing robust cybersecurity practices, such as regular backups, network segmentation, employee training, and effective threat detection and response solutions, can help organizations stay ahead of the curve. Managed Detection and Response (MDR) services and next-generation Security Information and Event Management (SIEM) platforms with threat-hunting capabilities can also prove beneficial, especially for small and medium-sized businesses (SMBs) with limited resources.

Additionally, integrating threat intelligence and Security Orchestration, Automation, and Response (SOAR) capabilities can enable organizations to quickly identify and respond to ransomware attacks, isolating the exploit early on and guiding the team through the remediation process.

While prevention is always better than a cure, it’s crucial to remember that paying a ransom does not guarantee the problem will go away. Attackers may choose to publish the stolen data anyway, and the organization will still need to disclose the breach and comply with relevant regulations. By taking a comprehensive approach to ransomware detection and prevention, businesses can significantly reduce the risk of falling victim to these devastating attacks in the first place.

Staying Ahead of the Curve

As the cybercrime-as-a-service marketplace continues to evolve, organizations must remain vigilant and proactive in their approach to cybersecurity. By understanding the tactics and techniques employed by these malicious actors, and implementing robust security measures, businesses can better protect themselves and their valuable data.

To stay ahead of the curve, it’s essential for IT professionals and business leaders to stay informed about the latest trends and developments in the world of cybercrime. Regularly visiting the IT Fix blog can provide valuable insights and practical tips to help organizations strengthen their defenses against the ever-evolving threat of malware-as-a-service.
