Black Market SaaS – The world of cybercrime changed
Historically, cybercriminals committed crimes in small groups or organized through larger groups like the mob. To use botnet, It took some skilled people writing malware, infecting a ton of computers, and then using it to steal information or throw a server offline through a DDoS (distributed denial of service) attack.
Today, this is changing.
Today, someone wanting to steal information or execute a DDoS attack need only some bitcoin and an internet connection. Over the last ten years we have seen an insane increase in the number of criminal groups that have learned the idea of supply and demand. Instead of creating a botnet and using it themselves, now they create a massive botnet and rent it out to other criminals.
The idea of taking something that would be out of the reach of petty criminals and packaging it into a SaaS (Software as a service) platform is reshaping how cybercrime works on the global level. It is creating an entire new market for criminals; a market that can pay quite well.
Most of the previous instances of SaaS black-market goods are packaged tools for attacking software and middleware, spear fishing tools, and botnets. We are going to see this change a lot over the next couple of years. With things like private vulnerabilities being sold on the open market, we are going to see entire companies built up around the idea of SaaS intrusions.
One of the first few we are going to see are Common Channel Signaling System No. 7, satellite feeds, and SWIFT.
For those that are not aware, CCSS7 is a system used for managing most of the world’s telephone systems. There are private vulnerabilities out there already that allow people access to calls, text messages, etc.
SWIFT is the global provider for secure bank messaging. This system allows banks to send and receive transfer requests. We have seen many intrusions recently on this network by individuals who compromise banks and credit unions that have insufficient security mechanisms in place. Most of the time, these intrusions end up resulting in the loss of millions of dollars in a matter of hours.
By finding vulnerabilities in these systems, and then selling access to these networks, the criminal has the ability to make a lot of money… especially from foreign governments. Governments and criminal organizations like the Yakuza, Triads, and American Mafia are already picking up cybercrime at an insane pace. Once they get the option to exploit networks like these without having to do any of the leg work, it will be a no-brainer for them. It will take sending a few bitcoin to an address and all of a sudden they can spy on politicians, police officers, or their own members.
What can we do?
We have to find a way to counter this… but it’s probably going to have to be a change in policy. We are going to have to move away from taking the easiest route all the time, and moving towards taking the secure route. Companies are going to have to invest in security more than ever and force users to use authentication mechanisms that are more cumbersome.
The thing about the pain-in-the-ass authentication mechanisms (if they are coded correctly) are that they are a pain in the ass to break into as well (most of the time).
We need to move towards an old tried and true method of authentication… “something you know and something you have.” This means you need to know the answers to security questions AND you need to have a hardware based key that allows access.
We will see what happens though. Human laziness knows no bounds.