Cybercrooks turn to crimeware-as-a-service
Crooks have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing crimeware toolkits or compromising legitimate websites
According to Finjan's Malicious Code Research Centre, the 'crimeware-as-a-service' (CaaS) business model has arrived.
"We see the rise of the CaaS business model in the crimeware-toolkit market," said Yuval Ben-Itzhak, CTO of Finjan (pictured). "Cyber-criminals and criminal organisations are getting better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it."
As with mainstream software providers, the creators and owners of these crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques - as well as the ability to manage and monitor malicious code affiliation networks. "It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use crimeware toolkit," added Ben-Itzhak.
He foresees the next phase in the commercialisation process as creating a service for getting straight to stolen data "by providing the victim data tailored to the criminal intent". Having such a service eliminates the need for attackers to even have to log in to manage an attacker profile on a crimeware-toolkit platform.
Image: Finjan CTO Yuval Ben-Itzhak sees the rise of the 'commercialisation' of cybercrime
What do you think about the issues raised in this news story? Share your views at the Information Professional discussion forum.
More IT industry news from the IET