Posted on: 28th July 2017
As cybercrime becomes further commercialised, we’re seeing more hackers writing ransomware, creating spear phishing campaigns and developing password harvesting websites for you, the customer, to buy and then distribute or execute for your own financial gain.
That being said, it comes as no surprise that the cybercrime-as-a-service marketplace is thriving and is also a highly profitable business to be involved with.
This shows that to cause damage, you don’t necessarily have to be a criminal mastermind: you can simply download programs that have already been created and use them in your attack.
Additionally, hacking gadgets such as Rubber Duckys, LAN Turtles and Wi-Fi Pineapples are extremely easy to get your hands on, and it’s just as simple to find step-by-step guides on how to successfully exploit a network using them.
Ransomware as a Service (RaaS)
It is likely that the growth in RaaS platforms is one of the main reasons behind a great spike in ransomware attacks over the last year. Throughout 2016, it was estimated that a total of 638 ransomware attacks were carried out on home and business computers.
Again, this highlights that the ease of buying ransomware is cause for concern. Along with the financial incentive, it could explain why so many people are doing it: for the small price of the virus, they could potentially earn a huge profit in ransom payments.
But perhaps the most attractive thing of all about being involved with this kind of criminal activity is that you do not ‘physically’ steal money and data from people; you don’t have to look anyone in the eye and take from them. This passive way of hacking and stealing can end up being an option for those in need of money, or for those who would never steal in real everyday life.
An example of one of the ransomware ‘sellers’ on the dark web is FAKBEN.
Customers of the FAKBEN ransomware-as-a-service pay 50 dollars to download the CryptoLocker executable file. When one of the victims pays the ransom, the virus creators keep 10 percent of the sum, and the rest will be yours.
Researchers have recently found a service named Ovidiy Stealer, a credential-stealing malware that is being marketed and advertised on Russian-speaking web forums, boasting the slogan ‘Stealing Malware for everyone’.
From as little as 7 dollars, even those with minimal technical knowledge are able to hack as many computers as they want.
The malware is written using .NET and so it has the capacity to target numerous browsers and applications, such as Google Chrome, Opera, Torch, Orbitum etc. However, buyers do have the option to buy a version that only works on a single browser if they wish.
Ovidiy is being distributed using multiple methods, including malicious email attachments, malicious links to a download, fake software or tools offered on various file-hosting websites, and even within software packages.
Ovidiy Stealer is just one example of the kind of marketplaces that currently exist. It brings to light how cybercrime of this nature drives innovation forward, and further challenges organisations to keep on top of the latest threats to their business and data.
Phishing as a Service (PhaaS)
Additionally, password stealing as a service is just as popular as the other services described above.
Phishing as a service is often done through a ‘phishing’ platform that offers an “automated solution for the beginner scammers”.
One of the websites that has caught the attention of researchers is ‘Hackshit’, which lures wannabe hackers in with its free tutorials, trials and incentives to make money from hacking if they only subscribe.
Hackshit market their products as though stealing people’s passwords is a perfectly acceptable pastime or hobby, and this can be seen across their social media platforms.
‘Take time, don’t rush. Learning is simple. Step by Step. Hacking is fun!’
The wannabes are able to create their own phishing pages that mimic familiar websites such as Facebook, Gmail, Yahoo and various online dating sites. They can then send these pages to anyone and eventually steal the victim’s login details as the victim tries to log in, thinking it is a genuine site.
Subscribers are also able to use bitcoins to purchase, from the marketplace, login details of other users that have been compromised in breaches, essentially sharing the stolen data.
Netskope Threat Research Labs discovers and analyses the latest cloud threats affecting enterprises. When researching Hackshit, they discovered that:
“The phished bait pages are packaged with base64 encoding and served from secure (HTTPS) websites with “.moe” top level domain (TLD) to evade traditional scanners. This is intended for the purpose of ‘The marketing of products or services deemed’. The victim’s credentials are sent to the Hackshit PhaaS platform via websockets.”
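A defender-side sketch of the indicators in the Netskope quote above (an added example, not Netskope's or this post's own code): it decodes base64 runs embedded in a fetched page and flags a login form or WebSocket use hidden inside them, treating the “.moe” TLD only as a supporting signal. The function names, signal labels, 120-character threshold and sample pages are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Runs of 120+ base64 characters; short tokens and IDs are ignored.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)
WEBSOCKET_USE = re.compile(r"new\s+WebSocket\s*\(|wss?://", re.I)

def decoded_layers(html):
    """Return every embedded base64 run that decodes to readable text."""
    layers = []
    for run in B64_RUN.findall(html):
        body = run.rstrip("=")
        try:
            raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
            layers.append(raw.decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or binary such as an inline image
    return layers

def assess(url, html):
    """Collect the indicators named in the Netskope quote for one page."""
    signals = set()
    host = urlparse(url).hostname or ""
    if host.endswith(".moe"):
        signals.add("moe-tld")
    for text in decoded_layers(html):
        if PASSWORD_FIELD.search(text):
            signals.add("login-form-inside-base64")
        if WEBSOCKET_USE.search(text):
            signals.add("websocket-inside-base64")
    return signals

def is_suspect(signals):
    # A hidden login form plus any second indicator; the TLD alone proves nothing.
    return "login-form-inside-base64" in signals and len(signals) >= 2

# Constructed sample pages (not taken from any real kit).
INNER = ('<form><input name="user"><input type="password" name="pass"></form>'
         '<script>var s = new WebSocket("wss://collector.example/ws");</script>'
         '<!-- constructed sample page for the detector, not a real kit -->')
BAIT_PAGE = ('<html><script>document.write(atob("'
             + base64.b64encode(INNER.encode()).decode() + '"))</script></html>')
PLAIN_LOGIN = '<form><input type="password" name="pass"></form>'

if __name__ == "__main__":
    for url, page in [("https://login.example.moe/", BAIT_PAGE),
                      ("https://www.example.com/login", PLAIN_LOGIN)]:
        found = assess(url, page)
        print(url, sorted(found), "SUSPECT" if is_suspect(found) else "ok")
```

A scanner that only inspects the raw response body sees none of the form markup in the first sample, which is why the decode step comes before any content matching.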
Hackshit recently announced the launch of a mobile app version, meaning people can now carry out cyber attacks on the go, which highlights the triviality of cybercrime and the ease of access for wannabe hackers to get involved.