Lucrative business: cybercrime-as-a-service
by Raj Samani - Vice President and CTO, EMEA, Intel Security - Monday, 19 August 2013.
These cybercrime traders are brazenly promoting their illegal services on open platforms – in particular the legitimate websites of SMEs. Whether offering customers the opportunity to review products, comment on articles, or discuss and share their ideas, live forums are a common feature on many websites, but the problem is that they are largely unmonitored by small business owners.

As such, cybercriminals have sensed an opportunity and not only are they stealing sensitive data from SMEs that do not protect themselves effectively, they are also relying on unrestricted SME websites to advertise their illegal services.

And this goes beyond open forums, as many small business owners that operate market places or open ecommerce sites are unaware that these illegal services are being sold and traded directly from their legitimate website.

This solves the problem of customer awareness for cybercrime traders, as a quick Google search of the relevant illegal services will take them straight to a post on the small business website. However this is obviously bad news for small business owners. While they believe they are running an honest online business, unbeknownst to them, they are facilitating an underground side-operation from their own company.

Genuine potential customers will be unaware that these posts are not supported by the website owners themselves and, after stumbling across these illicit adverts, are likely to lose trust in the company and take their custom elsewhere.

Black market, big money

Not only can such schemes lose SMEs money, but while small business owners are struggling to deal with the costs of running a legitimate business, cybercriminals are making a lucrative trade off the back off them – and in many cases making more money than the SMEs themselves.

The whitepaper uncovered a number of well-paid deals, such as the sale of email addresses for whole regions for as much as £570, while crimeware-as-a-service tools can be rented out for $150 a day and credit card details with a good balance can be sold at £65 a card. But it is vulnerabilities that can rake in the real money for these underground tradesmen and an Apple iOS exploit was recently sold for over £160,000.

Gaining customer loyalty and competing with well-known trusted brands when running a business online is a challenge in itself for small business owners, so it is essential that they don’t get a reputation as a cybercrime facilitator. As such, it is important for small business owners to invest in the right level of protection so that it is not their own customers’ details that are traded online. Moreover SMEs need to make a habit of regularly checking their open forums and comment sections for these dodgy deals.

Cybercrime businesses feed off the vulnerability of others, so creating an atmosphere of alertness and security in the workplace will help to defeat them and their criminal-minded customers.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th