News

Blog

Tuesday, July 22nd, 2014

Cyber Crime – Would You Like Fries With That?

Malware as a Service (MaaS)

malware as a serviceIn order to initiate a cyber-attack against someone you will need to be a trained hacker who uses a complex suite of products and operates in the seedy underbelly of cyberspace – right ?

Wrong… !

This is a common misconception held by many people. The reality is this could not be further from the truth. Anybody can now rent or buy all the tools needed to build malware. They can purchase this malware product with a (Ready to Extort) existing client base of infected customers or they can distribute this malware themselves. This will give them the ability to then siphon online banking details, credit card info and other personal information from the compromised PCs. The Malware as a Service business model operates similarly to the (SaaS) Software-as-a-Service offerings in that it allows criminals to gain access to build-it-yourself malware kits. The selection of malware will come in different flavours with different management tiers that can be hosted in the cloud or on premises. Once the customers have decided on the type of product they want to purchase they will be in a position to initiate their attack within minutes.

The service offering is now highly advanced, very professional and criminals will provide service level agreements, quality assurance, web chat & 24×7 support. Their operations are so professional it would give the customer service element of any good utility provider a run for their money.They will even go as far as to provide competitive displacement offers for their criminal cliental who might be using competing MaaS from other organisations.

As part of their business plan the criminal providers are launching aggressive cyber campaigns with specific intent to infect the largest number of machines. This will result in a large and dangerous botnet. These botnets are essentially a web of infected “zombie” computers that are invisibly infected with malware. When they have thousands of computers infected they will then use this valuable resource to differentiate their MaaS offering. These malware-infected-hosts, also known as “loads”, are then rented to their customers. Of course the services offered are totally customisable, clients can choose the type of malware that infects the victims and their geographic location, it is possible to rent European malware infected hosts or machines in the US or Asia.

But it’s not all rosy in the garden. Due to the success and lucrative nature of the MaaS offering the variety of malware being offered has increased. The result is that prices are being driven down as developers in the online underground compete fiercely for criminals looking to purchase botnets and other tools to mount cyber-attacks.

Because of competition among suppliers, prices have been falling rapidly. Already this year prices starting for a U.S. botnet of 1,000 computers fall from $200 to $120. Today, a person can buy a 10,000-computer botnet for $1,000.

In summary building malware has never been easier, and now attacks can be specifically tailored to suit specialised user needs. These do-it-yourself cyberattack kits can be acquired and unleashed with relatively little to no experience. As prices continue to fall in the MaaS market and the number of malware services increases the risk is growing increasingly more severe.

 

Published by Ronan Murphy (@Smarttech01)




Contact Us

The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.

    Copyright Smarttech247 - 2021