The business of cybercrime is not unlike a typical start-up business model. There’s a product with a clear value proposition, integrated marketing campaigns, customer support services, risk and rewards analysis, research and development and more. There are even Black Friday deals for criminals on the dark web.
Criminals have relied on the dark web to buy and sell all sorts of contraband — ranging from illegal drugs to stolen passwords and data. Now, with ransomware as a service (RaaS) and other hacker toolkits like malware-as-a-service and phishing-as-a-service, the world of cybercrime has evolved from a hacker hobby into a capitalist market. As long as there’s a market and money to be made, there will always be criminal innovators developing new attacks that are for sale on the dark web.
Here’s a look inside this profitable yet dangerous business world, where capitalist hackers use the same kinds of product development and marketing techniques that legitimate businesses use to be successful.
There are many different ways to profit.
Anyone can be a hacker these days, thanks to RaaS. All it takes is a little research and some bitcoin to purchase an email-flooding service on the dark web. In fact, even with the multimillion-dollar success of SamSam, a type of ransomware attack that is carried out by hand, we expect RaaS kits to continue to appeal to cybercriminals, even lower-skilled ones happy to rake in a few hundred or thousand dollars with minimal effort. We’ll talk more about the difference between RaaS kits in the second article of this two-part series.
The money-making criminal cycle is fairly straightforward. Every successful ransomware attack or phishing attack makes hackers money, providing them with more resources for their next set of attacks. For example, one hacker might purchase bitcoin, use that bitcoin to buy stolen credit cards, use those cards to buy more bitcoin, purchase RaaS kits, rake in more bitcoin and cycle on endlessly.
Attacks aren’t always aimed at endpoints. Hackers may also target an organization’s servers and sell stolen information, or even access to the server itself, for a premium price on the dark web. These attacks are devastating to businesses and gold mines for hackers because of the wealth of critical data those servers hold — which includes anything from personally identifiable information (PII) and confidential intellectual property to financial records.
Marketing gimmicks mirror the real-world market.
Some cybercriminals differentiate their products through marketing gimmicks, like creating professional-looking logos or holiday-themed sales. It’s not uncommon for a cybercriminal to rebrand their product after some time to make more money — or to help them evade detection. At times, it boils down to ego and pride. A cybercriminal rebrand is no different from a legitimate business’ efforts to update marketing materials and packaging after they upgrade products or receive more funding.
And then there’s PR and customer support. Because, hey, even cybercriminals on the dark web need to maintain a positive image! Reputation management is important since there are vendor review systems for these products, much like Yelp for real businesses. Many cybercriminals actually provide customer support services — since they know that improving the customer experience helps them stay competitive and differentiate their product in a crowded marketplace.
They keep up with the competition.
Rapid innovation in any industry usually comes with side effects, and the world of the dark web is no exception. Anything driven by economics will be faced with supply-and-demand issues. As server attacks proliferate and the RaaS market becomes saturated with available toolkits, it’s going to be especially difficult for hackers to sustain profitability. No matter though – as cunning as they are, cybercriminals will find other ways to make money and sell hacker toolkits on the dark web.
Hackers with rapid success feel the brunt of supply-and-demand issues in talent recruitment, too. The process hackers use to recruit new talent and network is actually quite similar to that of a normal software company, with job boards, postings and interviews. But hackers aren’t just looking for pure talent. Reputation and references are key, since there’s always a danger that an eager candidate is just an undercover law enforcement agent.
The cybersecurity arms race continues.
In this kind of capitalist market, as long as there’s money to be made, crime will continue to attract a lot of unsavory people. As hacker toolkits proliferate, companies need to make sure they are able to protect against the next attack.
This means asking the right questions when selecting a security vendor – such as what “exploit protection” really means, just how many exploits it protects against and how that vendor is innovating. Understanding the depth of protection and the future-proof technology your business is signing up for is pivotal. Businesses need a security vendor that can keep up, continue to innovate with next-generation protection like deep learning and predictive security, and help them make IT decisions now that their future self will thank them for. If your security vendor can’t tell you what they are doing next, you may have purchased obsolescence.
Regardless of what security strategy you choose, there are a number of security best practices to help protect against cyber-attacks. Here are a few to keep in mind:
• Back up all files regularly and keep a recent backup copy off-site.
• When you receive a document attachment via email, don’t enable macros. Microsoft, a partner of ours, deliberately turned this off as a security measure.
• Be cautious about unsolicited attachments, and when in doubt, don’t open them.
• Apply patches for applications as soon as they’re released to minimize the number of gaps criminals can exploit.
This article is part one of a two-part series on the big business of cybercrime. Part two will cover targeted ransomware, how it contrasts with RaaS and how to protect against such attacks.