Malware-as-a-Service: The 9-to-5 of Organized Cybercrime

Posted by Brian Laing MAR 8, 2018 ON

Imagine going to work, sitting at a desk, and pulling out your toolbox: a rootkit. Though it may seem dystopian, cybercrime has become a business enterprise. Cybercriminals are now modeling themselves based on big businesses, adopting their processes and project management techniques. Professional hacking organizations are training new waves of cybercriminals, investing in collaboration tools, and even creating their own customer service departments. And though advanced malware, exploit kits, and other tools of cybercrime have been available for some time, this new method of organizing cybercrime is even more threatening.

Built Like Any Other Business

Lastline’s specialists have observed something interesting: attacks will start up around 9:00 AM, slow down around lunchtime, and stop around 5:00 PM. This 9-to-5 operation is built just like any other business, complete with lunch breaks.

Modern organizations can conclude that there are now businesses in operation with the express purpose of attacking other companies on a network infrastructure level, whether it is to disrupt their operations or steal their data. The goals of those who use organized cybercrime services depends highly on those who are “hiring” them, from potentially taking out a competitor to committing credit card fraud.

Accessibility and Ease of Use Are Good For Business

Cybercriminals are taking more than a few pages out of the books of big tech companies, following in the footsteps of Apple, Microsoft, and Google. In terms of deployment, they are now focused on developing solutions that are extremely easy to use and that can be accessed from anywhere. In other words, malware has moved to the cloud.

Given these high-level tools and services, individuals don’t need to know programming to launch an attack. Once called “script kiddies” (users who used scripts written by other people), any wannabe criminal can use packaged exploits, malware, and services to launch even sophisticated attacks. 2017 saw a record for data breaches, not only because malicious attackers themselves are becoming more common, but because they also can leverage advanced technology to do so. Apart from widespread pre-packaged attacks, inexperienced cybercriminals also are able to leverage an unprecedented number of endpoints in our prevalent Internet-of-Things (IoT) and mobile device-friendly networks.

In July 2017, a software exploit known as GandCrab was provided as a service on hacking forums. Distributed through two different exploit kits, GandCrab offered a partnership program for its ransomware, with its developers keeping 60 percent of ransom fees collected. In exchange for these ransom fees, the developers of the malicious program offered support and updates for the ransomware itself, essentially adding incentives to the investment. GandCrab even included an incident tracking system, showing a willingness to provide customer support and ease-of-use to their customer base.

GandCrab’s software solution was designed specifically to be easy to use for both operators and victims, a part of a new trend in ransomware that makes the ransomware itself easy to use. By making it easier for victims to pay the ransom than remove the software, ransomware developers can encourage their “sales.” If victims can release their own data by paying a fast, nominal charge, they may be more likely to do so than pay a technician to remove the software, also recognizing the loss of productivity while doing so.

The Malware-as-a-Service Business Model

Wherever there is a demand for something, there will, in turn, be a supply. Modern malware is designed, built, and sold like any other piece of software. Malware may go through a beta, get updates and patches post-launch, and be available for purchase outright or through a subscription fee. Tools such as exploit kits are made available in the cloud. Anything that you can imagine is available somewhere — for a price.

As long as there are those who want to commit cybercrime, there will be those willing to facilitate it. But this also comes with some additional profit centers. After all, after the criminal purchases their software, they’ll still need to deploy it. And after they’ve invested in this malicious software, they may find that they need add-on features or other tools. In other words: upsells and customer support.

Malware-as-a-Service provides everything a cybercriminal needs to get started and threatens modern organizations in two ways. First, Malware-as-a-Service creates a demand for ever-better, easier-to-use malicious programs, as malware developers struggle to distinguish themselves from their competition. This leads to significant strides in the accessibility and sophistication of malware threats.

Second, Malware-as-a-Service vastly increases the number of individual threats, as it empowers users who would not otherwise have the technical skill to create their own malicious programs. This effectively allows just about anyone to launch cyberattacks.

Organized Cybercrime Can Be Good Business, For Some

For many developing countries or poverty-stricken communities, organized cybercrime is good business. With just a computer and an Internet connection, a business is able to bring money into the local economy. Often this money is worth far more to the cybercriminal, in terms of exchange rates, than it is to the victim.

Because of this “Robin Hood” aspect, it’s nearly impossible to get local law enforcement to cooperate with identifying or arresting criminals. And as locals learn of the very low risk associated with being caught, they become more likely to try. In some countries, cybercrime might as well be considered a legitimate industry. With tools and services available to help them get in on the game, it has naturally become an escalating cycle.

Cybercrime does not create any local victims. Thus, businesses within the cybercrime industry can setup local offices, purchase equipment, and even hire employees with minimal interference. Protection has to be done on the other side of the screen.

Defend Your Business

Businesses have to be just as proactive about protecting their technology as cybercriminals are about disrupting it. Cybercriminals have the edge here because the flow of money usually means more to them, they can put significant resources towards developing their threats, and they don’t have to follow the rules of civilized, law-abiding society. At the same time, they are also blunt instruments; most cybercriminals are looking for the easiest targets and will move on once you prove yourself to be a challenging foe.

Modern businesses need to take the initiative, creating comprehensive training programs with an emphasis on continual learning and updates. Further, organizations need to be willing to invest in new, advanced technology to protect their interests – just as the cybercriminals are doing. And in order to defeat an organization that is organized, businesses will also need to be organized in the same ways.

Cybercrime is a growth industry that is on track to surpass the illegal drug trade in the next few years. To protect your business, you’re going to have to invest in the latest, most advanced cybersecurity solutions. Contact Lastline to learn how we can help.