Look to Banking as a Model for Stopping Crime-as-a-Service

The first step toward prevention is understanding the six most common CaaS services.

David Fairman & Samantha Van Stokrom, CSO, APAC / Sales Engineer

March 9, 2021

5 Min Read

Cyber threats are growing in velocity and volume at an unprecedented pace. Cybercriminals have taken every advantage of new capabilities to grow and prosper, which, coupled with the pandemic and a sharp increase in remote work and cloud access, has opened the door to new vulnerabilities. If there's one thing that fuels the actions of bad actors, it's an opportunity to strike.

Less-experienced threat actors are entering the space in hopes of easy returns, but an even bigger challenge is how quickly these experienced professionals engage in crime-as-a-service (CaaS). These professional individuals and criminal organizations are developing advanced tools and packaged services and then selling them to other criminals who are usually less experienced. These hackers can then carry out complex attacks at desired scale and on selected victims. 

Monitoring for these threats is the challenge that organizations, governments, and their security teams battle on a daily basis. The first step to addressing the issue is understanding the most common and trending CaaS services. The six most common CaaS services include:

Phishing continues to be one of the top attack vectors used to compromise organizations, so it is little wonder that the commoditization of these capabilities has dramatically increased. Phishing kits, as well as phishing platforms, are readily available on the Dark Web for as low as $2 to $10 to facilitate the attack on an organization. Furthermore, these kits and platforms are customizable with little knowledge or skill required and have various levels of automation making these very attractive to criminals.

Exploit Kits
These include the development of exploit code and tools to exploit known vulnerabilities. One of the most popular kits, RIG, is just $150 a week to use and can spread ransomware, Trojans, and other forms of malware. It has a large network of resellers with a complex business structure making it accessible and affordable for criminals. However, due to the increase of automatic updates in browsers and the reduction of Flash usage, since 2016 exploit kits have become less prevalent.

DDoS Services
No longer does a criminal group need to build up a botnet to launch an attack on a target. Today, they can rent these services on demand. The time it takes to launch an attack is minimal and the infrastructure can be spun up and spun down quickly and efficiently, making it harder to track and mitigate. Services that are built around distributed denial of service (DDoS) are also cheap and accessible with many providers offering subscription plans on the Dark Web. For example, plans on the cheaper side run for $5 a month with one concurrent attack at a 300-second attack time. More expensive plans are $60 a month with one concurrent attack at a 10,800-second attack time. All of this makes DDoS services especially dangerous due to the ease with which they can be carried out, and the profits they can create for criminals, with some estimates putting margins at 95% per attack.

Ransomware-as-a-Service (RaaS)
Similar to DDoS services, cybercriminals can leverage purpose-built ransomware services to target a victim, alleviating the need for a lot of technical knowledge. These services provide not only the technical depth and skills, but they provide all the information needed to carry out an attack. RaaS has a varying amount of prices and payment models, with some being subscription-based, flat fee, or profit-sharing. Amounts can be as low as $40 and range upward into the thousands for large targets.

This involves legal or illegal collection of information on targeted victims as well as the resale of stolen personal data, such as compromised credentials. It can also include the selling of information about potential exploits within software or systems.

Digital Currency
Cryptocurrencies are a widely used method by cybercriminals in order to transfer and collect funds due to their anonymity, ease of use, and lack of international borders and restrictions — things that make using a traditional bank difficult for criminals. Cryptocurrency accounts generally do not require the user to provide any personal information and their location, and also allow the usage of multiple accounts at once.

Lessons From Banking
The next step is insisting on something often talked about but far less easily enabled: collaboration. We have seen good examples of how cybersecurity teams are working more closely with other internal parties, especially in the banking sector. Some of the major UK and European banks have been operating with an organizational structure where financial crime and cybersecurity teams have been part of the same business unit for over 10 years, driven by the natural synergy between these functions. 

This has created significant progress. With the convergence of cyber and financial crime teams, the industry has seen the emergence of the fusion center which can be thought of as an advanced version of the security operations center (SOC) management model, unifying several different teams within an organization, such as fraud, financial crime, and cyber. By bringing together these units, organizations can increase situational awareness, share analytics and threat intelligence more easily, have increased attractiveness to talent, and have a standard framework for procedures. 

Combating cybercrime and disrupting the illegal economy can then be done to a more effective degree by having more transparent management, establishing an end-to-end operating model, and allowing easier collaboration and consolidation on relevant threats and actions. Another benefit of the fusion center is the removal of otherwise undetected duplicated resources and labor, improving efficiency and saving costs.

This is one tangible example of how a lot of good ideas and discussion become collaborative action that creates positive change. Just as cybercriminals continue to share information, coordinate, and evolve their capabilities, so must we.

About the Author(s)

David Fairman & Samantha Van Stokrom

CSO, APAC / Sales Engineer

David Fairman, CSO, APAC
David Fairman is the Chief Security Officer for the APAC region of Netskope - the leading security cloud. He is an experienced strategic advisor, investor and coach in the global financial services sector and has held CSO/CISO roles at the National Australia Bank, the Royal Bank of Canada and the Royal Bank of Scotland. David began his career in Information Security while serving in the Royal Australian Air Force's Electronic Warfare and Communications group, where he focused on technology, policy and security & risk management, followed by a variety of senior roles in technology and cyber.

David holds a number of positions on boards of directors and advises VC funds and Cyber Security companies. He co-authored "Cyber Risk" (2016) and co-edited "Fintech: Growth and Deregulation," published by Risk Books, and has taught at the University of New York, the University of Toronto, and Deakin University in Australia.

Samantha Van Stokrom, Sales Engineer
Samantha Van Stokrom is a Sales Engineer at Netskope, a position she secured after a successful 6 month internship with Netskope in the same role. In her position, Samantha supports the sales process for Netskope's various product offerings. She will graduate from Deakin University with a Bachelor of Cyber Security and Law in 2022. LinkedIn.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights