The Ongoing Professionalization of Cybercrime

Cybercrime continues its development into a mature, professional industry.

This trend has been going on for years. As noted in a 2013 Reblaze white paper:

“Organized crime groups (especially in Eastern Europe) now treat computer crime as a profession, and a mature industry has arisen around criminal hacking. There are underground marketplaces where every possible resource or skill is available for hire. Botnets and other attack resources can be rented by the hour, day, week, or month. Hackers with specific attack skills offer their services as freelancers. Customized malware is available directly from its authors, and the malware itself is technologically advanced.”

Since then, this trend has developed further.

Professionalization has gone beyond organized crime groups in Eastern Europe and Russia. China also has a significant hacker underground, in addition to the formidable cyberwarfare capabilities of the Red Army. Even Brazil has become known as a substantial source of sophisticated malware (especially banking trojans), and is now one of the most active international sources for phishing attacks.

In many ways, the cybercrime world now parallels the legitimate commercial Internet. Numerous marketplaces have sprung up on the darknet, ranging from small IRC channels and closed forums all the way up to large, thriving sites.

The marketplaces (which, for obvious reasons, we can’t link to here) are now found all over the world. They are fascinating to look through.

Vendors vary in size from individual hackers up to large ‘businesses’. A full spectrum of cybercrime products and services is available. Malware is available off-the-shelf, or custom-developed for your specific needs. You can purchase illicit ‘solutions’ for a wide variety of target types, from broadly aimed PC viruses down to tightly focused keyloggers which capture login information for specific banking websites.

As the malware industry has grown, typical free-market trends have emerged. Vendors strive to offer software that’s better-designed, or more feature-rich, or compatible with a longer list of resources (such as botnet networks, RATs, etc.), when compared to the products from their competitors.

Many vendors specialize in hacker support services, such as secure hosting for your malware. Meta-software is also increasingly available, such as admin tools that allow you to run multiple malware products from a single convenient dashboard.

And if you don’t have the technical abilities to wield any of the offered products yourself, there are many freelancers whom you can hire to do the heavy lifting for you.

Many of these marketplaces are quite mature. Some have review systems where customers (and sometimes, the vendors) can rate their satisfaction after a transaction. Some have an infrastructure where vendors can run banner ads for their products.

Obviously, this is all bad news. Mature markets are efficient markets. And as hacker markets get better, the overall cybercrime economy gets more effective.

This applies not merely to the overall economy, but also to the organizations within it. Many cybercrime ‘businesses’ are thoughtful and deliberate in their efforts to improve their efficiency and effectiveness.

Earlier this year, there was this story from Help Net Security: ‘Cybercriminals are incorporating corporate best practices’. The entire article is worth a read, but here’s an interesting excerpt, quoting Kevin Haley, the director of Symantec Security Response:

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off… We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

Cybercrime is becoming a mature, efficient, well-managed, and technically sophisticated industry.

Have your web defenses kept up?

Photo credit: Luis Llerena

