
3/9/2021
10:00 AM

Look to Banking as a Model for Stopping Crime-as-a-Service

The first step toward prevention is understanding the six most common CaaS services.

Cyber threats are growing in velocity and volume at an unprecedented pace. Cybercriminals have taken every advantage of new capabilities to grow and prosper, which, coupled with the pandemic and a sharp increase in remote work and cloud access, has opened the door to new vulnerabilities. If there's one thing that fuels the actions of bad actors, it's an opportunity to strike.

Less-experienced threat actors are entering the space in hopes of easy returns, but an even bigger challenge is how quickly experienced professionals engage in crime-as-a-service (CaaS). These professional individuals and criminal organizations are developing advanced tools and packaged services and then selling them to other criminals who are usually less experienced. These buyers can then carry out complex attacks at desired scale and on selected victims.


Monitoring for these threats is the challenge that organizations, governments, and their security teams battle on a daily basis. The first step to addressing the issue is understanding the most common and trending CaaS services. The six most common CaaS services are:

Phishing 
Phishing continues to be one of the top attack vectors used to compromise organizations, so it is little wonder that the commoditization of these capabilities has dramatically increased. Phishing kits, as well as phishing platforms, are readily available on the Dark Web for as little as $2 to $10 to facilitate an attack on an organization. Furthermore, these kits and platforms can be customized with little knowledge or skill and offer various levels of automation, making them very attractive to criminals.

Exploit Kits
These include the development of exploit code and tools to exploit known vulnerabilities. One of the most popular kits, RIG, is just $150 a week to use and can spread ransomware, Trojans, and other forms of malware. It has a large network of resellers with a complex business structure, making it accessible and affordable for criminals. However, exploit kits have become less prevalent since 2016 because of the increase in automatic browser updates and the reduction in Flash usage.

DDoS Services
No longer does a criminal group need to build up a botnet to launch an attack on a target. Today, they can rent these services on demand. The time it takes to launch an attack is minimal and the infrastructure can be spun up and spun down quickly and efficiently, making it harder to track and mitigate. Services that are built around distributed denial of service (DDoS) are also cheap and accessible with many providers offering subscription plans on the Dark Web. For example, plans on the cheaper side run for $5 a month with one concurrent attack at a 300-second attack time. More expensive plans are $60 a month with one concurrent attack at a 10,800-second attack time. All of this makes DDoS services especially dangerous due to the ease with which they can be carried out, and the profits they can create for criminals, with some estimates putting margins at 95% per attack.

Ransomware-as-a-Service (RaaS)
Similar to DDoS services, cybercriminals can leverage purpose-built ransomware services to target a victim, alleviating the need for a lot of technical knowledge. These services provide not only the technical depth and skills but also all the information needed to carry out an attack. RaaS comes with a range of prices and payment models, with some being subscription-based, flat fee, or profit-sharing. Amounts can be as low as $40 and range upward into the thousands for large targets.

Research-as-a-Service
This involves legal or illegal collection of information on targeted victims as well as the resale of stolen personal data, such as compromised credentials. It can also include the selling of information about potential exploits within software or systems.

Digital Currency
Cybercriminals widely use cryptocurrencies to transfer and collect funds because of their anonymity, ease of use, and lack of international borders and restrictions (things that make using a traditional bank difficult for criminals). Cryptocurrency accounts generally do not require the user to provide any personal information or their location, and also allow the use of multiple accounts at once.

Lessons From Banking
The next step is insisting on something often talked about but far less easily enabled: collaboration. We have seen good examples of how cybersecurity teams are working more closely with other internal parties, especially in the banking sector. Some of the major UK and European banks have been operating with an organizational structure where financial crime and cybersecurity teams have been part of the same business unit for over 10 years, driven by the natural synergy between these functions. 

This has created significant progress. With the convergence of cyber and financial crime teams, the industry has seen the emergence of the fusion center, which can be thought of as an advanced version of the security operations center (SOC) management model, unifying several different teams within an organization, such as fraud, financial crime, and cyber. By bringing together these units, organizations can increase situational awareness, share analytics and threat intelligence more easily, become more attractive to talent, and have a standard framework for procedures.

Combating cybercrime and disrupting the illegal economy can then be done more effectively through more transparent management, an end-to-end operating model, and easier collaboration and consolidation on relevant threats and actions. Another benefit of the fusion center is the removal of otherwise undetected duplicated resources and labor, improving efficiency and saving costs.

This is one tangible example of how a lot of good ideas and discussion become collaborative action that creates positive change. Just as cybercriminals continue to share information, coordinate, and evolve their capabilities, so must we.

David Fairman, CSO, APAC

David Fairman is the Chief Security Officer for the APAC region of Netskope - the leading security cloud. He is an experienced strategic advisor, investor and coach in the global financial services sector and has held CSO/CISO roles at the National ...
 
