8/17/2020
10:00 AM
Marc Wilczek
Commentary

The IT Backbone of Cybercrime

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

As organizations increasingly adopt digital platforms, criminals are snapping at their heels, slavering to breach those platforms and steal money. The "Global Risks Report 2020," published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. Every year, the world's cybercriminals harvest at least $1.5 trillion in ill-gotten gains — as much as Russia's gross domestic product (GDP). If cybercrime were a country, its GDP would be the 13th largest on Earth.

As anyone who's been paying attention knows, in recent years the market for compromised assets — stolen credit card data and other personal information — has ballooned. To supply this market, cybercriminals use various underground hosting and associated services — including bulletproof hosting, virtual private networks (VPNs), anonymizers, and distributed denial-of-service (DDoS) protection — to run their operations and keep them safe. Among other things, these services protect availability, keep the bad guys anonymous, block forensics, make physical locations hard to find, and enable IP spoofing.

The fact is, cybercrime is a highly developed, sophisticated industry that makes big sales and uses the same marketing techniques and platforms as legal businesses do. Trend Micro found an ad for dedicated, compromised US-based servers with prices ranging from $3 to $6 for guaranteed 12-hour availability. Many such services are flogged on the Dark Web and are invitation-only; others are advertised and sold on well-known (and legal) platforms including Twitter, VK, and Telegram.

The Blurry Distinction Between Cybercrime and Legitimate Business
Today, it's becoming hard to discern the difference between online crime and legitimate business. Some hosting providers serve legitimate clientele and sell their services openly on the Internet, but there's no doubt that some of their customers are resellers that deal only with criminals. The hosting company may or may not know this.

The so-called "bulletproof hosters" are typically linked to cybercrime. These are often regular hosting providers that are attempting to broaden their business by homing in on specific customers. The hosts are ready and willing to push the legal envelope for the customers — for a price. However, the potential for prosecution has driven most of this activity onto the Dark Web, where crypto-payments such as Bitcoin make it hard to identify bad actors. Here, in this place where no one trusts anyone, some markets use escrow payments to facilitate risky transactions. Some vendors even offer customer support and money-back guarantees on their services.

Criminals Target Each Other
An October 2019 report by Europol, the European law-enforcement agency, notes that DDoS attacks are among the biggest threats to international commerce. However, law-abiding companies aren't the only ones that suffer. Anyone who spends time checking out Dark Web services knows that many of them typically indicate an "uptime" — that is, the time when they aren't out of action because of a DDoS attack. This just goes to show that dirty tricks happen in every kind of business, legitimate or not. When one Dark Web vendor is targeted and taken offline, its customers have to go someplace else — perhaps, even, to the service that launched the attack.

These clandestine markets are vulnerable to DDoS attacks due to characteristics inherent in the Tor browser, a favorite among Dark Web users. In 2019, the Dark Web's three largest markets — including Dream Market, which was extorted to the tune of $400,000 — were all hit by major and prolonged DDoS attacks.

Tilting at Windmills
Now for a bit of technical geekery. A DDoS botnet requires command-and-control servers, but anyone using domain generation algorithms and similar tools can move their infrastructure faster than legal authorities can pinpoint it and take it out.
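Because a DGA-driven botnet rotates its command-and-control domains faster than any blocklist can follow, defenders tend to hunt for the pattern rather than the names: a single host resolving a burst of long, high-entropy, vowel-poor domains. The following is an added example (not code from the article or from Europol), which scores queried names on Shannon entropy, length and vowel ratio and then flags clients that queried several such names. It assumes a constructed log format of "timestamp client-ip queried-name" per line and a naive "last label is the TLD" rule instead of a public-suffix list; the thresholds are illustrative.

```python
"""Heuristic DGA-like DNS query spotter (added example; not from the article).

Assumptions (constructed for this example): a DNS query log with one
"<timestamp> <client-ip> <queried-name>" record per line, and a simple
"last label is the TLD" rule instead of a public-suffix list.
"""
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

# Constructed sample log: one client querying ordinary names, another
# querying a burst of random-looking names of the kind a DGA emits.
SAMPLE_DNS_LOG = """\
2020-08-17T10:00:01Z 10.0.0.12 www.example.com
2020-08-17T10:00:02Z 10.0.0.12 mail.google.com
2020-08-17T10:00:03Z 10.0.0.44 xk3q9zv7bw2plm.net
2020-08-17T10:00:04Z 10.0.0.44 qwjd8f2hz0lk4r.org
2020-08-17T10:00:05Z 10.0.0.44 p0r7tnx3cvs9ya.biz
2020-08-17T10:00:06Z 10.0.0.44 h2v8kq5zjr1mwd.info
2020-08-17T10:00:07Z 10.0.0.12 updates.example.org
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def registrable_label(qname: str) -> str:
    """Label directly under the TLD ('example' for 'www.example.com').
    Assumption: the last label is the TLD (no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def label_features(qname: str) -> dict:
    """Per-name features used by the heuristic."""
    label = registrable_label(qname)
    length = len(label)
    return {
        "label": label,
        "length": length,
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(c in VOWELS for c in label) / length if length else 0.0,
        "digit_ratio": sum(c.isdigit() for c in label) / length if length else 0.0,
    }


def is_dga_like(qname: str) -> bool:
    """Long, high-entropy, vowel-poor labels. Thresholds are illustrative;
    tune them on your own traffic and keep an allowlist for CDN/cloud
    hostnames, which are the usual false positives."""
    f = label_features(qname)
    return f["length"] >= 10 and f["entropy"] >= 3.3 and f["vowel_ratio"] <= 0.25


def parse_dns_log(text: str):
    """Parse the constructed log format into (timestamp, client, qname)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            records.append((parts[0], parts[1], parts[2]))
    return records


def flag_clients(text: str, min_domains: int = 3) -> dict:
    """Clients that queried at least `min_domains` distinct DGA-like names.
    One odd name proves little; a burst from a single host is the signal
    worth triaging, and the host, not the domain, is what you can contain."""
    hits = defaultdict(set)
    for _ts, client, qname in parse_dns_log(text):
        if is_dga_like(qname):
            hits[client].add(qname.lower())
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_domains}


if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_DNS_LOG).items():
        print(client, "made", len(names), "DGA-like queries:", ", ".join(names))
```

On the constructed log, the heuristic flags only 10.0.0.44, which resolved four random-looking names in quick succession, while the ordinary names from 10.0.0.12 fall below the entropy and length thresholds. In production the same idea is applied to resolver or passive-DNS logs, with NXDOMAIN counts as an additional signal, since most of a DGA's candidate domains are never registered.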

According to Europol, DDoS-for-hire "is a pressing issue, mainly due to how easily accessible it has become." The organization figures that stresser and booter services have made it much easier to get into cybercrime: for a small fee, almost anyone can unleash a DDoS attack with a mouse click, take websites offline, and clog networks with a flood of bogus traffic. The targeted organizations can be brutalized financially and reputationally, and customers lose access to vital services offered by financial institutions, governments, and police forces. The US Department of Homeland Security warns on its website that "over the past five years the scale of attacks has increased tenfold", and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale".

Law enforcement and other groups are trying to prevent DDoS attacks, but they often do so by taking down booter sites (that is, sites that let criminals rent access to a network of hacked or infected computers to launch DDoS attacks). But it's easy for the bad guys to put up new websites and keep on doing bad stuff. Some observers, including those behind this study, say that DDoS takedowns are useless. Even after 15 major DDoS-for-hire outfits were snared in a coordinated action by US and European law enforcement, the volume of DDoS traffic hitting victims didn't budge. In fact — in what may have been a deliberate poke in the eyes of legal crusaders — the number of DDoS-for-hire websites actually increased, the same study concluded.

Time to Boost Cyber Resilience
Cybercrime spreads like wildfire, makes a ton of money for its perpetrators, and is far less likely to land them in jail than, say, bank robbery. In the United States, according to the WEF report, the chances of catching and prosecuting cybercriminal actors are as low as 0.05%.

The bottom line is that companies need to protect themselves against DDoS attacks by being strategic and proactive. As DDoS attacks become easier and less expensive to launch, the number and types of organizations they target are likely to continue to expand. Making matters worse, the growth of the Internet of Things will open up a universe of new and unprotected smart devices, while widespread adoption of 5G will cause the size of attacks to skyrocket far beyond the available internet bandwidth.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...