
Attacks/Breaches

8/11/2020 10:00 AM
Marc Wilczek
Commentary

How to Help Spoil the Cybercrime Economy

Cybercrime is increasingly turning into a commodity. Stolen PII data and hijacked cloud accounts in particular propel the spread, research shows.

The prices of key commodities such as oil, grains, sugar, and cotton don't just affect business sectors as they rise and fall with supply and demand: They also drive global trading activity and form the foundation of the world economy. The same applies to cybercrime.

The prices for key "goods" in the underground economy — pilfered credentials, hacked accounts, or payment card information — don't only mirror fluctuations in supply and usage. They also determine the kinds of attacks criminals will launch. This should come as no surprise. Criminals are businesspeople, after all, and they want to maximize their return on investment.

The recently released Dark Web Price Index 2020 reveals current average prices for a selection of cybercrime commodities available "on demand." Stolen credit card details start at $12 each, and online banking details at $35. "Fullz" (full identity) prices are around $18, which is less than they were a couple of years ago because a series of large breaches created an oversupply of personally identifiable information. A basic malware attack on targets in Europe or the US costs $300, and a targeted distributed denial-of-service (DDoS) attack goes for $10 per hour.

Extortion Evolves
These rates shed light on a big shift in cybercrime since 2018: the move away from ransomware and toward DDoS attacks that attempt to extort money from their targets. Ransomware is old school and was deployed only on a fairly small scale because it couldn't be spread without help from unwitting users. As a result, most attacks tended to be limited to scrambling data on a few PCs or servers. 

Later, in 2017, the infamous EternalBlue exploit changed everything. Ransomware created to take advantage of it — such as WannaCry and NotPetya — could spread without assistance to any unprotected company computer. If even a single user opened a malicious attachment, the organization's network could be taken down in minutes, making it easy for bad actors to demand payoffs. 

This drove a spate of ransomware attacks that lasted for about a year and a half. It also compelled organizations to install EternalBlue patches and implement extra security measures so attacks became less successful. High-end malware like WannaCry and NotPetya require financial and human resources to develop, and blockbuster exploits like EternalBlue are rare. As a result, ransomware use has dropped. Today, it's once again being used as a tool for targeted attacks.

DDoS Deeds, Done Dirt Cheap
As ransomware use has waned (for now), DDoS attacks have become the go-to weapon for online extortion. As we've seen, thanks to the proliferation of Dark Web services, it doesn't cost much to unleash a damaging attack — some DDoS-for-hire services cost just $10 per hour or $60 for 24 hours. The "salespeople" even offer volume discounts. 

One reason why DDoS attacks are so inexpensive is that, more and more, the people offering DDoS-for-hire services are leveraging the scale and bandwidth of the various public clouds, providing more artillery firepower than ever. Research by Link11 reveals that the year-over-year share of attacks using public clouds ballooned by 64% — from 31% in the second half of 2018 to 51% in the second half of 2019. (Full disclosure: I'm the COO of Link11.) It's easy to set up public cloud accounts using a cheap fake ID and an equally cheap stolen credit card — thanks again, Dark Web! — and simply rent the accounts to whoever has an attack target in mind. If the credit card stops working, no problem. They're (almost) a dime a dozen. Because they're so easy to procure, DDoS attacks are often used as a smoke screen to keep IT teams busy and cover up a targeted hacking campaign.

Making matters worse, it's not terribly risky to run or rent these services. According to the World Economic Forum's "Global Risks Report 2020," in the United States the chances of a cybercrime actor being caught and prosecuted are almost nil (0.05%). At the same time, the business impact on targeted companies is massive. IBM's "Cost of a Data Breach Report" pegs the average total cost of a security breach at $3.92 million.

These days, because of the COVID-19 pandemic, organizations around the globe are embracing remote work at unprecedented levels. This has made online services of all kinds — from governments to banks to e-commerce or e-gaming — more vulnerable to criminals, and DDoS attacks more alluring as a means of extortion. Like the best business propositions, such attacks don't cost much and can reap excellent returns. On the target's side, when online connections are halted or significantly slowed for even a few hours, employees' work is disrupted, customers can't buy anything, and the organization's revenues and public image are damaged.

Make Sure Crime Doesn't Pay
With DDoS attacks growing heavily in size, to many times the available internet bandwidth, on-premises solutions are becoming a toothless tiger. If a large attack hits an organization, the pipe is doomed to collapse before any local hardware can start intervening. As a result, the ISP is going to discard (black hole) all traffic for the duration of the attack, making the organization inaccessible to anyone. To ward off the new flood of DDoS extortion attacks and avoid having to pay ransom money to cybercriminals, organizations need to protect their IT infrastructure using cloud-based services capable of fending off even large-scale attacks. These route all IP traffic destined for the organization's networks through an external cloud service that automatically and instantly filters out malicious traffic, using AI and machine learning to spot anomalies — before an attack can take down mission-critical services. Such an off-premises service is usually underpinned by a multi-terabit MPLS network, capable of absorbing even large-scale attacks.

There's no doubt the cybercrime economy will continue to be a bonanza for the evildoers who know how it works. But organizations can still avoid feeding the beast.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
