In the field of cybersecurity, cybercrime services have become a concerning factor. As tech-savvy cybercriminals have established entire business models for a profitable revenue stream, investment in Cybercrime-as-a-Service (CaaS) is skyrocketing.
Researchers from Rapid7’s IntSights discovered that unauthorised access to compromised enterprise networks by cybercriminals is being sold for up to $10,000 on the black market.
Between September 2019 and May 2021, they analyzed 46 samples for network access on underground forums and discovered that the average price was around $9,640 and the median price was around $3,000.
Threat Actors
Hardknocklife, a Russian-speaking threat actor, auctioned off RDP access to a U.S. hospital’s network for $500 and $5,000 in September 2020. Patient records containing birthdates, social security numbers, and other information were eventually obtained as a result of the unauthorized access.
Another Russian-speaking TrueFighter cybercriminal, for example, made $60 after selling the information of an American hospital.
Ransomware gangs are seeking for ways to redirect their income into CaaS business models as ransomware-as-a-service gains traction in underground markets.
The BlackMatter ransomware gang has recently demonstrated its readiness to pay anywhere between $3,000 and $100,000 to gain access to networks in the United States, Canada, Australia, and the United Kingdom.
The group was serious about their mission, so they deposited four bitcoins ($120,000) in Exile hacking forum’s cryptocurrency wallet.
Concerns
Aside from the burgeoning selling of network access, underground marketplaces are seeing the introduction of new attack techniques and channels that can be utilised for various malicious purposes.
Researchers from Group-IB found the Prometheus Traffic Distribution System (TDS), a new cybercrime service that enabled attackers spread malware strains like Campo Loader, QBot, IcedID, Buer Loader, and SocGholish.
It was being advertised on cybercrime forums for $30 for two days of access or $250 for a month’s worth of access.
In a separate event, an anonymous hacker offered a proof-of-concept for a novel technology that might allow cybercriminals to run malware on GPUs for sale.
Conclusion
Cybercrime campaigns have grown easier to launch than ever before, due to new exploits, cybercrime tools, and attack techniques that are readily available to attackers. Some of the defensive strategies to minimize the risks associated with the CaaS paradigm include early detection of attacks and rapid sharing of information to detect them.