
8/17/2020 10:00 AM
Marc Wilczek
Commentary
The IT Backbone of Cybercrime

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

As organizations increasingly adopt digital platforms, criminals are snapping at their heels, slavering to breach those platforms and steal money. The "Global Risks Report 2020," published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. Every year, the world's cybercriminals harvest at least $1.5 trillion in ill-gotten gains — as much as Russia's gross domestic product (GDP). If cybercrime were a country, its GDP would be the 13th largest on Earth.

As anyone who's been paying attention knows, in recent years the market for compromised assets — stolen credit card data and other personal information — has ballooned. To supply this market, cybercriminals use various underground hosting and associated services — including bulletproof hosting, virtual private networks (VPNs), anonymizers, and distributed denial-of-service (DDoS) protection — to run their operations and keep them safe. Among other things, these services protect availability, keep the bad guys anonymous, block forensics, make physical locations hard to find, and enable IP spoofing.

The fact is, cybercrime is a highly developed, sophisticated industry that makes big sales and uses the same marketing techniques and platforms as legal businesses do. Trend Micro found an ad for dedicated, compromised US-based servers with prices ranging from $3 to $6 for guaranteed 12-hour availability. Many such services are flogged on the Dark Web and are invitation-only; others are advertised and sold on well-known (and legal) platforms including Twitter, VK, and Telegram.

The Blurry Distinction Between Cybercrime and Legitimate Business
Today, it's becoming hard to discern the difference between online crime and legitimate business. Some hosting providers serve legitimate clientele and sell their services openly on the Internet, but there's no doubt that some of their customers are resellers that deal only with criminals. The hosting company may or may not know this.

The so-called "bulletproof hosters" are typically linked to cybercrime. These are often regular hosting providers that are attempting to broaden their business by homing in on specific customers. The hosts are ready and willing to push the legal envelope for the customers — for a price. However, the potential for prosecution has driven most of this activity onto the Dark Web, where crypto-payments such as Bitcoin make it hard to identify bad actors. Here, in this place where no one trusts anyone, some markets use escrow payments to facilitate risky transactions. Some vendors even offer customer support and money-back guarantees on their services.

Criminals Target Each Other
An October 2019 report by Europol, the European law-enforcement agency, notes that DDoS attacks are among the biggest threats to international commerce. However, law-abiding companies aren't the only ones that suffer. Anyone who spends time checking out Dark Web services knows that many of them typically indicate an "uptime" — that is, the time when they aren't out of action because of a DDoS attack. This just goes to show that dirty tricks happen in every kind of business, legitimate or not. When one Dark Web vendor is targeted and taken offline, its customers have to go someplace else — perhaps, even, to the service that launched the attack.

These clandestine markets are vulnerable to DDoS attacks due to characteristics inherent in the Tor browser, a favorite among Dark Web users. In 2019, the Dark Web's three largest markets — including Dream Market, which was extorted to the tune of $400,000 — were all hit by major and prolonged DDoS attacks.

Tilting at Windmills
Now for a bit of technical geekery. A DDoS botnet requires command-and-control servers, but anyone using domain generation algorithms and similar tools can move their infrastructure faster than legal authorities can pinpoint it and take it out.
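The flip side of the point above is what defenders can do with it: algorithmically generated domains look different from names people choose. The following is an added, defender-side illustration, not code from the article, that scans DNS query logs (constructed sample lines in a hypothetical "timestamp client qname" format) for second-level labels with the long, high-entropy, vowel-poor or digit-heavy shape typical of DGA output. The thresholds are illustrative and will both miss and false-positive on real traffic.

```python
import math
from collections import Counter

# Constructed sample DNS query log (hypothetical format: "<ts> <client> <qname>").
# The last three names are built to resemble DGA output; none are real indicators.
SAMPLE_DNS_LOG = """\
2020-08-17T10:00:01Z 10.0.0.5 www.example.com
2020-08-17T10:00:02Z 10.0.0.5 mail.example.org
2020-08-17T10:00:03Z 10.0.0.7 cdn.static-assets.net
2020-08-17T10:00:04Z 10.0.0.9 xk3q9vz2bt7wp0.info
2020-08-17T10:00:05Z 10.0.0.9 qzpdjfhwbtxr.com
2020-08-17T10:00:06Z 10.0.0.9 m7g2k1p9c4x8.net
"""

VOWELS = set("aeiou")

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score near log2(len)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_label(qname: str) -> str:
    """Second-level label ("example" from "www.example.com").
    Simplification: multi-part public suffixes such as co.uk are not handled."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(label: str) -> dict:
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    return {"entropy": shannon_entropy(label),
            "vowel_ratio": vowel_ratio, "digit_ratio": digit_ratio}

def looks_like_dga(label: str) -> bool:
    # Illustrative thresholds: human-chosen names are rarely long, high-entropy
    # and nearly vowel-free (or digit-heavy) all at once.
    s = dga_score(label)
    return (len(label) >= 10 and s["entropy"] > 3.0
            and (s["vowel_ratio"] < 0.25 or s["digit_ratio"] > 0.3))

def flag_suspicious(log_text: str) -> list:
    """Return (client, qname) pairs whose registered label looks generated."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines rather than crash on them
        client, qname = fields[1], fields[2]
        if looks_like_dga(registered_label(qname)):
            flagged.append((client, qname))
    return flagged
```

A single hit is weak evidence; a client producing many hits in a short window (here 10.0.0.9) is the pattern worth triaging, since a bot cycling through a DGA queries names that mostly do not resolve.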

According to Europol, DDoS-for-hire "is a pressing issue, mainly due to how easily accessible it has become." The organization figures that stresser and booter services have made it much easier to get into cybercrime: for a small fee, almost anyone can unleash a DDoS attack with a mouse click, take websites offline, and clog networks with a flood of bogus traffic. The targeted organizations can be brutalized financially and reputationally, and customers lose access to vital services offered by financial institutions, governments, and police forces. The US Department of Homeland Security warns on its website that "over the past five years the scale of attacks has increased tenfold," and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale."

Law enforcement and other groups are trying to prevent DDoS attacks, but they often do so by taking down booter sites (that is, sites that let criminals rent access to a network of hacked or infected computers to launch DDoS attacks). But it's easy for the bad guys to put up new websites and keep on doing bad stuff. Some observers, including those behind this study, say that DDoS takedowns are useless. Even after 15 major DDoS-for-hire outfits were snared in a coordinated action by US and European law enforcement, the volume of DDoS traffic hitting victims didn't budge. In fact — in what may have been a deliberate poke in the eye of legal crusaders — the number of DDoS-for-hire websites actually increased, the same study concluded.

Time to Boost Cyber Resilience
Cybercrime spreads like wildfire, makes a ton of money for its perpetrators, and is far less likely to land them in jail than, say, bank robbery. In the United States, according to the WEF report, the chances of catching and prosecuting cybercriminal actors are as low as 0.05%.

The bottom line is that companies need to protect themselves against DDoS attacks by being strategic and proactive. As DDoS attacks become easier and less expensive to launch, the number and types of organizations they target are likely to continue to expand. Making matters worse, the growth of the Internet of Things will open up a universe of new and unprotected smart devices, while widespread adoption of 5G will cause the size of attacks to skyrocket far beyond the available Internet bandwidth.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...