Dark Reading
Vulnerabilities / Threats
8/17/2020 10:00 AM
Marc Wilczek
Commentary

The IT Backbone of Cybercrime

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

As organizations increasingly adopt digital platforms, criminals are snapping at their heels, slavering to breach those platforms and steal money. The "Global Risks Report 2020," published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. Every year, the world's cybercriminals harvest at least $1.5 trillion in ill-gotten gains — as much as Russia's gross domestic product (GDP). If cybercrime were a country, its GDP would be the 13th largest on Earth.

As anyone who's been paying attention knows, in recent years the market for compromised assets — stolen credit card data and other personal information — has ballooned. To supply this market, cybercriminals use various underground hosting and associated services — including bulletproof hosting, virtual private networks (VPNs), anonymizers, and distributed denial-of-service (DDoS) protection — to run their operations and keep them safe. Among other things, these services protect availability, keep the bad guys anonymous, block forensics, make physical locations hard to find, and enable IP spoofing.

The fact is, cybercrime is a highly developed, sophisticated industry that makes big sales and uses the same marketing techniques and platforms as legal businesses do. Trend Micro found an ad for dedicated, compromised US-based servers with prices ranging from $3 to $6 for guaranteed 12-hour availability. Many such services are flogged on the Dark Web and are invitation-only; others are advertised and sold on well-known (and legal) platforms, including Twitter, VK, and Telegram.

The Blurry Distinction Between Cybercrime and Legitimate Business
Today, it's becoming hard to discern the difference between online crime and legitimate business. Some hosting providers serve legitimate clientele and sell their services openly on the Internet, but there's no doubt that some of their customers are resellers that deal only with criminals. The hosting company may or may not know this.

The so-called "bulletproof hosters" are typically linked to cybercrime. These are often regular hosting providers that are attempting to broaden their business by homing in on specific customers. The hosts are ready and willing to push the legal envelope for the customers — for a price. However, the potential for prosecution has driven most of this activity onto the Dark Web, where crypto-payments such as Bitcoin make it hard to identify bad actors. Here, in this place where no one trusts anyone, some markets use escrow payments to facilitate risky transactions. Some vendors even offer customer support and money-back guarantees on their services.

Criminals Target Each Other
An October 2019 report by Europol, the European law-enforcement agency, notes that DDoS attacks are among the biggest threats to international commerce. However, law-abiding companies aren't the only ones that suffer. Anyone who spends time checking out Dark Web services knows that many of them typically indicate an "uptime" — that is, the time when they aren't out of action because of a DDoS attack. This just goes to show that dirty tricks happen in every kind of business, legitimate or not. When one Dark Web vendor is targeted and taken offline, its customers have to go someplace else — perhaps, even, to the service that launched the attack.

These clandestine markets are vulnerable to DDoS attacks due to characteristics inherent in the Tor browser, a favorite among Dark Web users. In 2019, the Dark Web's three largest markets — including Dream Market, which was extorted to the tune of $400,000 — were all hit by major and prolonged DDoS attacks.

Tilting at Windmills
Now for a bit of technical geekery. A DDoS botnet requires command-and-control servers, but anyone using domain generation algorithms and similar tools can move their infrastructure faster than legal authorities can pinpoint it and take it out.
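As an added, defender-side illustration of the domain generation algorithm point above (this code is not from the article or its author), the heuristic below scores the registrable label of each queried name in a few constructed DNS log lines and flags the ones that look algorithmically generated, which is one way a SOC notices command-and-control infrastructure that rotates faster than takedowns can follow. The log format, the scoring weights and the threshold are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines (timestamp, client, "query", name); not real traffic.
SAMPLE_DNS_LOG = """\
2020-08-17T10:00:01Z 10.0.0.12 query www.example.com
2020-08-17T10:00:02Z 10.0.0.12 query mail.example.com
2020-08-17T10:00:03Z 10.0.0.57 query xk3qz7vbp2wd9ntf.net
2020-08-17T10:00:04Z 10.0.0.57 query qp8wz4rvt6nxhjkd.org
2020-08-17T10:00:05Z 10.0.0.57 query bd7hq2mzvxk4lt9p.com
2020-08-17T10:00:06Z 10.0.0.33 query updates.vendor-site.com
"""

VOWELS = set("aeiou")

def shannon_entropy(s: str) -> float:
    """Bits per character of the string's character distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable_label(fqdn: str) -> str:
    """Second-level label, e.g. 'example' from 'mail.example.com' (assumes single-label TLDs)."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(label: str) -> float:
    """Heuristic: higher is more DGA-like (high entropy, few vowels, long consonant runs, digits)."""
    if not label:
        return 0.0
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    longest_run = max((len(m) for m in re.findall(r"[^aeiou\d\-]+", label)), default=0)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return entropy + (1 - vowel_ratio) * 2 + min(longest_run, 8) / 4 + digit_ratio * 2

def flag_dga_like(log_text: str, threshold: float = 6.0) -> list[tuple[str, str]]:
    """Return (client, fqdn) pairs whose registrable label scores at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "query":
            continue  # skip malformed lines instead of crashing the detector
        client, fqdn = fields[1], fields[3]
        if dga_score(registrable_label(fqdn)) >= threshold:
            flagged.append((client, fqdn))
    return flagged

if __name__ == "__main__":
    for client, fqdn in flag_dga_like(SAMPLE_DNS_LOG):
        print(f"{client} -> {fqdn} (score {dga_score(registrable_label(fqdn)):.2f})")
```

A real deployment would whitelist known CDN and cloud hostnames first, since legitimate services also use random-looking labels, and would look at per-client query rates and NXDOMAIN counts, which this toy scorer ignores.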

According to Europol, DDoS-for-hire "is a pressing issue, mainly due to how easily accessible it has become." The organization figures that stresser and booter services have made it much easier to get into cybercrime: for a small fee, almost anyone can unleash a DDoS attack with a mouse click, take websites offline, and clog networks with a flood of bogus traffic. The targeted organizations can be brutalized financially and reputationally, and customers lose access to vital services offered by financial institutions, governments, and police forces. The US Department of Homeland Security warns on its website that "over the past five years the scale of attacks has increased tenfold," and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale."

Law enforcement and other groups are trying to prevent DDoS attacks, but they often do so by taking down booter sites (that is, sites that let criminals rent access to a network of hacked or infected computers to launch DDoS attacks). But it's easy for the bad guys to put up new websites and keep on doing bad stuff. Some observers, including those behind this study, say that DDoS takedowns are useless. Even after 15 major DDoS-for-hire outfits were snared in a coordinated action by US and European law enforcement, the volume of DDoS traffic hitting victims didn't budge. In fact — in what may have been a deliberate poke in the eye of legal crusaders — the number of DDoS-for-hire websites actually increased, the same study concluded.

Time to Boost Cyber Resilience
Cybercrime spreads like wildfire, makes a ton of money for its perpetrators, and is far less likely to land them in jail than, say, bank robbery. In the United States, according to the WEF report, the chances of catching and prosecuting cybercriminal actors are as low as 0.05%.

The bottom line is that companies need to protect themselves against DDoS attacks by being strategic and proactive. As DDoS attacks become easier and less expensive to launch, the number and types of organizations they target is likely to continue to expand. Making matters worse, the growth of the Internet of Things will open up a universe of new and unprotected smart devices, while widespread adoption of 5G will cause the size of attacks to skyrocket far beyond the available internet bandwidth.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...