Crime-as-a-service: The next big threat to your business
Digital transformation has become a major subject on the agendas of corporate executives. Whether it’s artificial intelligence, data analytics or cyber security, business owners and leaders seem to realize they cannot ignore the changes in the (corporate) world any longer and have decided to act on them. However, all these innovations and newly important subjects come with great costs. A relatively new attack vector has presented itself. In security lingo this attack vector is known as Crime-as-a-Service.
Hacking history in a nutshell
Nowadays the hacking scene is completely different than at its inception. In the past hackers were highly skilled individuals who were trying to push the abilities of computers beyond the known boundaries. These days, the term hacker is used mostly in a negative context. Only a small number of people seem to make a distinction between the several forms of hackers. To give a few examples of the various types of hackers: script kiddies, black hat, grey hat, white hat, green hat, blue hat, red hat, hacktivist and whistleblowers.
Transition from knowledge to finding the right place
In the previous century, hackers were were highly intelligent and skilled. Nowadays this knowledge is not needed anymore. Of course there are still a lot of skillful individuals and/or groups, but these skills are not a requirement to be able to perform cyber attacks.
A relatively new attack vector has presented itself, known as Crime-as-a-Service. As the name suggests this vector is a service. Anyone – even those lacking the computer knowledge previously needed – can make use of this so called service. The only requirement is to be able to find the right place on the internet. And in what place can these services be found? You guessed right; on the dark web.
You cannot reach the dark web with a standard browser such as Chrome, Firefox or Safari. To access the dark web you need a browser called TOR. The TOR browser can be downloaded from the ‘regular’ internet. There are also thousands of tutorials on the internet that provide you with step-by-step guidance on how to access the dark web. From there on it is only a matter of finding the right marketplace and the ‘fun’ can begin. Fun in quotation marks, because the majority of people buying Crime-as-a-Service packages don’t understand the consequences of cyber attacks for companies or individuals. Let alone the legal consequences that can follow.
Types of Crime-as-a-Service
Various services can be bought on the dark web to perform a cyber attack. These range from packages for inexperienced and unskilled individuals to high-end packages for experienced and highly skilled hackers. Highly skilled hackers already know how to perform attacks, so generally the services are bought by unskilled individuals.
A few types of Crime-as-a-Service that can be purchased:
- Phishing kits
- Exploit kits
- Malware and viruses
- Criminal Phone Banks
How to mitigate
The key of mitigating this threat is simply planning ahead. Crime-as-a-Service will increase risks throughout the organization, in particular the risks of financial fraud, cyber attacks and data theft. All companies can be targeted, but the SMEs in particular are facing an increased risk. Big corporations are of course very interesting for criminal hackers, but corporations have ‘money to spend’ on cyber security. SMEs have fewer means of defending themselves and invest a lot less in their cyber security. Therefore the chance of a successful attack of a hacker increases and so they pose a better target.
Don’t become a victim
Don’t postpone the responsibilities of protecting your company. Even if you think your company isn’t interesting to hackers, you can still become a victim. Think about the (cyber) risks and how to mitigate them.
Contact Crowe Peak for more information on cyber risks and how to mitigate these. We can perform several assessments to find technical vulnerabilities in your systems. Our assessments might prevent your company from becoming a victim. To prevent is better than to cure.