PAAS - Platform as a Service, CAAS- Cybercrime as a service
"You've got mail," starring Tom Hanks and Meg Ryan, is a mushy rom-com about the blossoming of a relationship between two individuals hiding behind the anonymity of the internet using pseudonyms – "shopgirl" and NY152. While the movie had a happy ending leaving us a tad bit teary-eyed, in the internet of today, the actors have changed, and so has their innocence, leaving a lot of tears in the wake. Email today is the single biggest vector for cyber-attacks, and anonymity is the biggest enabler.
It's not personal, Sonny. It's strictly business
In the 1972 classic “The Godfather,” Mike (Al Pacino) eloquently makes the case to Sonny (Mike's brother) for taking out Sollozo (rival mafioso) along with McCluskey (Cop), who is guarding him. The modern-day mafiosos are today's cybercrime syndicate which, by some latest estimates, is costing the world $6 trillion (yes, you read it right, it's trillions and not billions) in costs and damages, up from $3 trillion in just six years.
Until recently, the cybercrime domain was an integrated domain of the developer, executor, and monetizer. You had a smart individual in some corner of the world who could:
- Identify a zero-day vulnerability in software.
- Write an exploit that could make use of the vulnerability.
- Create a mechanism to reach out to the assets which had these vulnerabilities.
- Monetize the outcome of the exploit.
While the model ensured that all the gains stayed with attackers, there are some obvious constraints that one can see in terms of the capabilities and the reach that one (or group) individual could have. Over the past few years, a strong law enforcement regime has come up to compound the matters, coordinating successful arrests across boundaries to bring these nefarious actors down.
The core competence of the corporation
When management gurus CK Prahalad and Gary Hamel co-authored their now-famous book in 1997, little would they have considered an adjunct use case in the cybercrime domain.
While the internet gave anonymity to individuals, the rise and acceptability of cryptocurrency enabled un-traceability, enabling the evolution of "Cybercrime as a service." The original role of developer, executor (affiliate), and monetizer (money launderer) was split into different components, each bringing their core competence to the table while sharing the spoils.
Honor among thieves
The phrase may have originated way back in 380 BC in Plato's seminal treatise The Republic; it seems to have been taken to a very different level by the cybercriminals. The services offered by the underground ecosystem are not only defined by the players' professionalism but also by the softer aspects around ease of use, customer orientation, post-sales service, and transparency in pricing. The constituents can access user dashboards detailing the program's success and the expected profits.
| Category | Service Type | Price |
|---|---|---|
| Malware Services | Infection/spreading services | ~$100 per 1K installs |
| Crimeware | e.g., Zeus modules, as an example, range anywhere from $500 to $10K | |
| Remote Access Trojans | Features include targeted attacks with screenshots and webcam feed capabilities. Examples include Gh0st Rat, Poison Ivy, and Turkojan ($250). | |
| Professional Services | Consulting for botnet setup | $350-400 |
| Quality assurance vs. detection | Crypters, scanners – $10 per month | |
| Blackhat search optimization | $80 for 20K spammed backlinks | |
| Inter-carrier money exchange and mule services | 25% commission | |
| Captcha Break | ($1/1000 CAPTCHAs)—Done through recruited humans | |
| Crime Infrastructure as a service | Botnets and Rentals | Direct denial of service (DDoS) $535 for 5 hours a day for one week], email spam ($40 / 20K emails), and web spam ($2/30 posts) |
| Onshore and Offshore hosting virtual private servers | $6 per month | |
| Bulletproof/fast-flux hosting | $3 per month | |
| Botnets include broadcast command and control, keylogging, download, and spam | Zeus/Zbot ($700 for the old version, $3,000 for the new) and Butterfly ($900) | |
| Simplified botnet, including download and executing malicious code | Example includes Bredolab (starts at $50) |
In summary
Today's world is grappling with an unprecedented surge of cyberattacks, leaving bruised and battered citizens, governments, and corporates in its wake. This newfound professionalism of the actors will likely worsen the situation. There is a need for the good actors across nation-states to stand up and collaborate in identifying, stopping, and prosecuting these cybercriminals if we are to have a semblance of a chance to gain the upper hand.
