These days it seems that every form of information technology is being offered as a service, creating a burgeoning market where companies provide organizations with an array of software-as-a-service, infrastructure-as-a-service, and platform-as-a-service solutions.
It is not only the entrepreneurs, business executives, and investors that have grabbed onto this “everything-as-a-service” trend. Cybercriminals, conducting business in the Underground Hacker Markets, have also been watching this wave take hold; many have adjusted their business models to make it easier and less expensive for criminal novices to get into the very lucrative business of cybercrime.
Armor is a global cloud security solutions provider and knows the Cybercrime-as-a-Service ecosystem well. One of the ways its Threat Resistance Unit (TRU) security research team tracks the current and emerging cyber threats is by closely monitoring the Hacker Markets and Forums where illicit goods and services are bought and sold.
In Armor’s annual 2019 Black Market Report, the TRU team compiled and studied data from twelve different dark markets and forums.
Although the TRU researchers found cybercriminals continuing to offer standard goods and services such as online banking credentials, credit card data, Distributed Denial of Service (DDoS) attacks, and personal identity packets (known as fullz), they also found an array of new cybercrime services for sale.
For example, if you want a negative item removed from your credit report, it will only cost you £117; should you desire to increase your credit card limit by £7,500, that runs £553; and if you are looking to expand your LinkedIn network by 1,000 contacts, that is a mere £12.
These offerings are certainly novel. However, the TRU team uncovered several goods and services which are much more illicit in nature, two of which support ransomware, one of the most debilitating cyber threats plaguing organizations today.
If you are a fraudster and you want to get into the very lucrative ransomware game, but you have limited technical skills, the seasoned cybercriminals have created a service just for you. For only £100 you can purchase a monthly subscription to a ransomware operation (known as ransomware-as-a-service), where you are provided with the ransomware, the decryption key, a log-in panel to input the Bitcoin wallet address where you want the ransom paid, etc. The only thing that you are responsible for is infecting your target victims with the ransomware.
And should you need help with that, it is also available. One of the most popular infection vectors for ransomware attacks is vulnerable, open remote desktop protocol (RDP) servers. Armor found countless hackers selling log-in credentials for unhacked Windows servers for use with RDP. These credentials run between £17 and £20 apiece, and buyers can purchase access to RDP servers in different parts of the world: Paris, London, Tokyo, Sydney, you name it.
Why are credentials for unhacked RDP servers so sought after? Once threat actors have access to a vulnerable RDP system, they simply use it as a steppingstone to the main area of the network and proceed to install ransomware onto target machines. From there they can encrypt files, including backups, and disable network protections.
One of the most alarming trends the TRU team saw emerge this year was a service whereby a fraudster can purchase cash for only 10 cents to 12 cents on the dollar. Cybercriminals are giving buyers the opportunity to buy cash in various amounts—£10,000, £5,000, £2,500—and all the buyer has to do is prepay the criminal their 10% to 12% fee in Bitcoin and provide them with a bank or PayPal account they would like the money transferred into.
The buyer can also opt to have the money wired to them via Western Union. No longer do buyers have to purchase online bank account credentials, secure a money mule account to transfer the funds into, log into the stolen bank account and conduct the money transfer themselves; they simply have to collect the money. It is a turn-key service for fraudsters who are not technically savvy.
This arrangement also works well for the cybercriminal selling the stolen funds because, ultimately, he or she is not taking possession of the funds but merely transferring them, which puts the majority of risk on the scammer buying the money. With the glut of online bank credentials and credit cards (which can be used to wire money via Western Union) for sale on the underground markets, it came as no surprise to the TRU team that the cybercriminals would figure out additional ways to monetize these illicit goods.
These are just a few of the newer cybercrime-as-a-service offerings which have come onto the Black Markets. Of course, the TRU team continues to see hackers offering to lease their botnets, launch distributed denial of service (DDoS) attacks, hack a target’s corporate and/or personal email account, alter one’s academic record, you name it.
Unfortunately, Armor’s researchers are confident that the cybercriminals will continue to develop new products and services to capitalize on their illicit activities. To protect one’s organization from the current and emerging cyber threats, security teams must be diligent and employ effective security services and technology. Armor recommends organizations consider the following security protections:
- Train employees how to identify suspicious activity, phishing emails, etc.
- Find, classify, and protect your most sensitive data.
- Deploy patches as promptly as possible to shorten vulnerability windows.
- Employ data encryption to protect sensitive data in transit and at rest.
- Monitor cloud usage, manage access to cloud services, and secure any data or applications you migrate.
- Use firewalls, anti-malware software, and intrusion detection and prevention systems to build a shield around your environment.
- Implement multi-factor authentication when providing access to your most critical systems.
- Use offline backup storage that is air-gapped from the internet.