However legitimate SMEs are not alone in realising the benefits of the internet for business success. Cybercriminals are business owners in their own right, operating on a highly professional level. What’s more, many are relying on the vulnerabilities of small business websites to run their illegal trade.
With the rise of cloud computing, small business owners are not just selling their goods and products online, but are increasingly selling their online services – giving rise to a number of ‘as-a-service’ businesses. While legitimate companies offer services such as ‘software-as-a-service’, ‘infrastructure-as-a-service’ and ‘platform-as-a-service’, this trend has fed down into illegal cyber trades. The accessibility of these illegal cyber trades however is of significant concern. With millions of email addresses available on commercial auction sites, to simple online searches providing access to DDOS services.
Many people wouldn’t know where to start when it comes to hacking a computer, but worryingly there are cybercriminals out there making a successful business out of selling the tools required to carry out an attack.
This ranges from selling developed code that enables amateur hackers to gain access to websites, to receiving payment for checking illegal files against a range of security software and revealing which security protection is vulnerable to an attack. These illicit business owners even offer translation services, so that criminals can scam victims in foreign countries.
For those who have the tools needed to launch an attack, but wish to know when is the right time to act, criminals offer services that alert hackers as soon as a computer application becomes vulnerable to an attack. This is called the zero-day vulnerability window.
Research-as-a-service also includes the sale of huge lists of email addresses that can be filtered based on geographic region, or even profession.
While the above three services make their money from selling their criminal skills, there is also a market for the rental of the equipment necessary for an attack. This can involve renting out a whole network of infected computers. Known as a botnet, these networks can be used for a number of services, such as sending spam, launching DoS attacks and distributing malware.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.