Attacks/Breaches

8/11/2020
10:00 AM
Marc Wilczek
Commentary

How to Help Spoil the Cybercrime Economy

Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.

The prices of key commodities such as oil, grains, sugar, and cotton don't just affect business sectors as they rise and fall with supply and demand: They also drive global trading activity and form the foundation of the world economy. The same applies to cybercrime.

The prices for key "goods" in the underground economy — pilfered credentials, hacked accounts, or payment card information — don't only mirror fluctuations in supply and usage. They also determine the kinds of attacks criminals will launch. This should come as no surprise. Criminals are businesspeople, after all, and they want to maximize their return on investment.

The recently released Dark Web Price Index 2020 reveals current average prices for a selection of cybercrime commodities available "on demand." Stolen credit card details start at $12 each, and online banking details at $35. "Fullz" (full identity) prices are around $18, which is less than they were a couple of years ago because a series of large breaches created an oversupply of personally identifiable information. A basic malware attack on targets in Europe or the US costs $300, and a targeted distributed denial-of-service (DDoS) attack goes for $10 per hour.

Extortion Evolves
These rates shed light on a big shift in cybercrime since 2018: the move away from ransomware and toward DDoS attacks that attempt to extort money from their targets. Ransomware is old school and was deployed only on a fairly small scale because it couldn't be spread without help from unwitting users. As a result, most attacks tended to be limited to scrambling data on a few PCs or servers. 

Then, in 2017, the infamous EternalBlue exploit changed everything. Ransomware created to take advantage of it — such as WannaCry and NotPetya — could spread without assistance to any unprotected company computer. If even a single user opened a malicious attachment, the organization's network could be taken down in minutes, making it easy for bad actors to demand payoffs.

This drove a spate of ransomware attacks that lasted for about a year and a half. It also compelled organizations to install EternalBlue patches and implement extra security measures so attacks became less successful. High-end malware like WannaCry and NotPetya require financial and human resources to develop, and blockbuster exploits like EternalBlue are rare. As a result, ransomware use has dropped. Today, it's once again being used as a tool for targeted attacks.

DDoS Deeds, Done Dirt Cheap
As ransomware use has waned (for now), DDoS attacks have become the go-to weapon for online extortion. As we've seen, thanks to the proliferation of Dark Web services, it doesn't cost much to unleash a damaging attack — some DDoS-for-hire services cost just $10 per hour or $60 for 24 hours. The "salespeople" even offer volume discounts. 

One reason why DDoS attacks are so inexpensive is that, more and more, the people offering DDoS-for-hire services are leveraging the scale and bandwidth of the various public clouds, providing more artillery firepower than ever. Research by Link11 reveals that the year-over-year share of attacks using public clouds ballooned by 64% — from 31% in the second half of 2018 to 51% in the second half of 2019. (Full disclosure: I'm the COO of Link11.) It's easy to set up public cloud accounts using a cheap fake ID and an equally cheap stolen credit card — thanks again, Dark Web! — and simply rent the accounts to whoever has an attack target in mind. If the credit card stops working, no problem. They're (almost) a dime a dozen. Because they're so easy to procure, DDoS attacks are often used as a smoke screen to keep IT teams busy and cover up a targeted hacking campaign.

Making matters worse, it's not terribly risky to run or rent these services. According to the World Economic Forum's "Global Risks Report 2020," in the United States the chances of a cybercrime actor being caught and prosecuted are almost nil (0.05%). At the same time, the business impact on targeted companies is massive. IBM's "Cost of a Data Breach Report" pegs the average total cost of a security breach at $3.92 million.

These days, because of the COVID-19 pandemic, organizations around the globe are embracing remote work at unprecedented levels. This has made online services of all kinds — from governments to banks to e-commerce and e-gaming — more vulnerable to criminals, and DDoS attacks more alluring as a means of extortion. Like the best business propositions, such attacks don't cost much and can reap excellent returns. On the target's side, when online connections are halted or significantly slowed for even a few hours, employees' work is disrupted, customers can't buy anything, and the organization's revenues and public image are damaged.

Make Sure Crime Doesn't Pay
With DDoS attacks growing dramatically in size, to multiple times the available internet bandwidth, on-premises solutions are turning into a toothless tiger. If a large attack hits an organization, the pipe is doomed to collapse before any local hardware can intervene. As a result, the ISP will discard (black hole) all traffic for the duration of the attack, making the organization inaccessible to anyone. To ward off the new flood of DDoS extortion attacks and avoid having to pay ransom money to cybercriminals, organizations need to protect their IT infrastructure using cloud-based services capable of fending off even large-scale attacks. These route all IP traffic destined for the organization's networks through an external cloud service that automatically and instantly filters out malicious traffic, using AI wizardry and ML to spot anomalies, before an attack can take down mission-critical services. Such an off-premises service is usually underpinned by a multi-terabit MPLS network capable of absorbing even large-scale attacks.

There's no doubt the cybercrime economy will continue to be a bonanza for the evildoers who know how it works. But organizations can still avoid feeding the beast.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...