Cybercrime services have become a worrying offshoot in the cybersecurity world. Investment in Cybercrime-as-a-Service (CaaS) is growing immensely as tech-savvy cybercriminals have built entire business models for a lucrative revenue stream.
Access to networks sold for up to five figures
- Researchers from Rapid7’s IntSights revealed that underground criminals are selling unauthorized access to compromised enterprise networks for up to $10,000.
- They analyzed around 46 samples for network access on underground forums between September 2019 and May 2021, and found that the average price for these samples was set at approximately $9,640 and the median price at $3,000.
- In September 2020, Russian-speaking threat actor ‘hardknocklife’ auctioned off RDP access to a U.S. hospital’s network between $500 and $5,000. The access eventually yielded patient records that contained birthdates, social security numbers, and other information.
- In another example, another Russian-speaking TrueFighter cybercriminal had sold the information of an American hospital with $60 in revenue.
Ransomware gangs making the most of it
- With ransomware-as-a-service gaining traction in underground markets, ransomware gangs are also looking for ways to divert their profits into CaaS business schemes.
- Lately, the BlackMatter ransomware gang had displayed its willingness to spend between $3,000 and $100,000 to buy access to networks in the U.S., Canada, Australia, and the U.K.
- The gang meant serious business and to highlight that, it deposited four bitcoins ($120,000) in Exile hacking forum’s cryptocurrency wallet.
The concerning factor
- In addition to the booming sale of network access, underground markets are also witnessing the emergence of new attack techniques and channels that can be used for various malicious purposes.
- Researchers from Group-IB discovered a new cybercrime service dubbed Prometheus Traffic Distribution System (TDS) that helped attackers distribute malware strains such as Campo Loader, QBot, IcedID, Buer Loader, and SocGholish.
- It was being promoted on cybercrime forums at the price tag of $30 for 2 days of access to the platform or $250 for month-long access.
- In a different incident, an anonymous hacker had offered a PoC for a new technique for sale that could allow cybercriminals to execute malware from GPUs.
With new exploits, cybercrime tools, and attack techniques readily available at attackers’ disposal, cybercrime campaigns have become easier to launch than ever for threat actors. Early identification of threats and rapidly sharing information to detect them are some of the defensive techniques to mitigate the risks associated with the CaaS model.