What Cybercrime Services are Available on the Underground Market?
Does your business outsource certain activities in order to get an expert in their field to carry out a task or project for you? The answer is probably yes, and this is the approach cyber-criminal gangs are taking too.
Cyber-criminal gangs are outsourcing many of their activities to those who can offer specific elements of the cyber-attack framework. Making the barrier to entry for cybercriminals lower than it has ever been before and a challenge for defenders to keep on top of.
In this article we explore some of these elements:
Ransomware-as-a-service (RaaS) is a business model in which ransomware developers sell their malware to other criminals, who then use it to attack victims. RaaS makes it easier for criminals to launch ransomware attacks, as they do not need to develop their own malware. RaaS groups typically provide a platform for criminals to rent and use ransomware, as well as support and updates.
Initial Access Brokers (IAB)
Initial access brokers (IAB) sell access to compromised networks to other criminals. This allows criminals to bypass security controls and gain access to systems without having to find and exploit vulnerabilities themselves. IABs typically sell access to networks that have been compromised by phishing attacks, malware, or other means.
Crypter-as-a-service (CaaS) is a service that allows criminals to encrypt their ransomware payloads, making it more difficult for security researchers to analyse and detect them. CaaS providers typically offer a variety of encryption algorithms and features, as well as support and updates.
Cryptojackers are pieces of malware that use a victim's computer to mine cryptocurrency. Cryptojackers can be installed on a victim's computer through a variety of methods, including phishing attacks, drive-by downloads, and exploit kits. Once installed, cryptojackers will use the victim's computing power (CPUs and GPUs) to mine cryptocurrency, which can slow down the computer and use up its resources.
Malware-as-a-service (MaaS) is a model in which malware developers sell their malware to other criminals, who then use it to attack victims. MaaS makes it easier for criminals to launch malware attacks, as they do not need to develop their own malware. MaaS groups typically provide a platform for criminals to rent and use malware, as well as support and updates.
Looking for more infosecurity & cybersecurity insights?
Keep up to date with the latest trends and expert insights from Infosecurity Europe.
An exploitation kit (EK) is a piece of malicious software used to exploit vulnerabilities in software applications. EKs are often used to deliver malware, such as ransomware, spyware, or botnets. EKs are typically delivered through phishing emails or drive-by downloads.
There is also a lucrative market for information products and account details, including:
Any information that is owned or used by an organisation, such as trade secrets, customer data or financial information is desirable for cyber-criminals. When organisational information is exfiltrated, it can be used to give a competitor an advantage, to commit fraud, or to blackmail the organisation.
Personally identifiable information (PII)
Any information that can be used to identify an individual, such as their name, address, date of birth and, in the US especially, social security numbers. Stolen PII can be used for a variety of malicious purposes, such as identity theft, fraud, and blackmail.
Usernames, passwords, or answers to security questions can all be used to authenticate a user and access a network by bypassing security controls with legitimate information. When authentication credentials are harvested and sold on the dark web, they can be used by IABs and other threat actors within the chain to gain unauthorized access to a system or network.
Financial and payment data
Financial and payment data is any information that can be used to make a financial transaction, such as credit card numbers, bank account numbers, or PayPal accounts. When stolen, financial/payment data can be used to commit fraud or to make unauthorized purchases.
Money laundering, or specifically cyber laundering, is also a large part of the cyber-criminal activity, with millions to be made the money has to be handled, transferred and stored carefully. Some of the most common money laundering methods include:
Cryptocurrency is a digital or virtual currency that uses cryptography for security. It is difficult to trace cryptocurrency transactions, which makes it an attractive option for money launderers. Their decentralized nature also makes the use of cryptocurrencies attractive for cyber-criminals. Bitcoin, Monero and Ethereum have been highlighted as cryptocurrencies used by cyber-criminals.
A money mule is a person who is used to transfer money between different accounts. Money mules are often recruited online or through social media. They are accomplices to the cyber-crime even though they may not have direct involvement in the cyber-attack itself. They help cyber-criminal groups remain anonymous while moving their money around.
Trade-based money laundering
Trade-based money laundering is a complex method of money laundering that involves using international trade transactions to conceal the origin of illegally obtained funds.
Shell companies are companies that are set up with the sole purpose of concealing the identity of the true owners. Shell companies are often used to launder money by moving funds between different accounts.
These are just a few of the many types of cybercrime services that are available on the underground market.
As the threat landscape continues to evolve, it is important to be aware of the different types of cybercrime services that criminals can use to attack organizations.
By understanding the different types of cybercrime services, organisations can take steps to protect themselves from these threats.
Enjoyed this article? Make sure to share it!
Keep up to date with the latest infosecurity news and trends in our latest articles.
Stay in the know
Receive updates about key events, news and recent insights from Infosecurity Europe.
Looking for something else?