On Christmas Eve 2014, lots of people across the globe switched on their Xbox One and PlayStation 4 consoles, only to find that they could not connect to the Internet. Microsoft and Sony had been attacked. A hacker group named Lizard Squad boldly took responsibility for the breach. Worse, there was nothing extraordinary about this outage. Both the gaming giants have had such experiences in the past. But what was remarkable about this debacle was that Lizard Squad was offering its hacking service - in this case, a DDoS attack - commercially to anyone interested.
It wasn't the most popular trend then, but hacking groups had previously offered such services commercially. Still, until that point, this marketplace largely existed only on the Dark Web, a group of websites - many of which are illegal - that cannot be accessed easily by using popular Web browsers such as Google Chrome. Lizard Squad was, wittingly or not, about to change things.
"For quite a while, online criminals have been moving to service models," says Mikko Hypponen, Chief Research Officer at F-Secure. "We've seen it with DDoS attacks as a service, banking trojans as a service, and ransom trojans as a service among others."
What was once operated behind the curtains - on the Dark Web - is now being publicly marketed on popular platforms such as Facebook, Twitter, and YouTube. One of the most popular available attacks is DDoS, in which a huge amount of 'fake' traffic is sent to a server, ultimately causing it to crash. A service, whose name has been withheld in the public interest, sells users toolkits that offer 125Gbps network capacity with 300 seconds boot time for as low as EUR 5 (roughly Rs. 380).
Earlier this month, an infamous spyware program called AlienSpy was found being openly sold to people as a malware-as-a-service platform. The malware in question, which affects Windows, OS X, Linux, and Android platforms, was first found in 2013, and has affected nearly 443,000 individuals and organisations around the world, a representative of security research firm Kaspersky told Gadgets 360 in an emailed response. Around 2,000 attackers are estimated to be using the tool. The people behind the program are making around $200,000 (approximately Rs. 1.3 crore) per year.
AlienSpy isn't the only malware that you can purchase and cause destruction with. A company called ReFud, for instance, offers malware attackers the ability to mutate their existing malware, so that anti-virus programs won't recognise - or detect - it. And these are broad examples, things that you might not have heard of.
Ransomware, a security attack in which a malicious program locks all your files, operates largely under the malware-as-a-service umbrella. For instance, a popular toolkit is CryptoLocker/CryptoWall, and it is making victims cough up around $3,000 (approximately Rs. 2 lakh) to unlock their files.
In the past two years, we have seen a number of instances where cybercriminals have been found to be commercially offering such malicious services. There have also been cases of malicious services being offered under a subscription model - just as you pay for Netflix or Apple Music every month. The widespread use of such business models in the cybercrime world has opened doors to a range of new challenges for companies, security firms, and users.
"Distributed Denial of Service (DDoS) attacks have been around for a while now, and each year they grow in size, number, and sophistication. We have also seen a rise in 'DDoS as a Service' groups," Vann Abernethy, a senior technical expert from enterprise security firm NSFOCUS IB, told Gadgets 360.
With more people becoming aware of such malicious activities, we could soon have more attackers than ever trying their hand at this crime. "This further opens up the ability for criminals to execute these types of attacks," Abernethy added.
The ease with which these attacks are now available is making it simpler than ever for people to become aware of such services. And that's another issue. "The Adwind (or AlienSpy, or JSocket.org) and other similar platforms lower significantly the minimum amount of professional knowledge required by a potential criminal looking to enter the area of cybercrime," the Kaspersky representative said.
This growing trend among attackers is also creating new challenges for security firms. Many companies admit that it has now become more complex to catch the bad guys and take action against them. "Tracking online criminals is getting harder and harder, partly due to technologies such as Tor and Bitcoin," said Hypponen.
"These are not evil by themselves, but criminals sure like to use them. Security companies are responding by creating new kinds of protection technologies that are not relying on knowing what's 'bad'. They might just know what's 'normal' and work up from there," he added.
The other challenge is working across different jurisdictions. "Catching the average criminal is an extremely painful task as any legal action has to be cross-coordinated among jurisdictions and not all countries are eager to lend a helping hand to combat cybercrime as long as its citizens are on the offending side rather than on the victim side," Bogdan Botezatu, Senior E-Threat Analyst, Bitdefender, told Gadgets 360. "This is the case with Russia, where most of the financial cyber-crime gangs have operated during the past years without fear of prosecution."
Because a DDoS attack, for instance, is distributed among hundreds, thousands, or tens of thousands of "bots," which could be spread across different geographies, it has become hard to pinpoint the attack's point of origin. "The command and control (C&C) of these 'Botnets' is hard to track, based on this distributed nature," explains Abernethy.
"The good news is that the international community tends to cooperate well in running these folks to ground, and there have been some arrests made," he said. "But the fact that these attacks are not that difficult to execute and there is a wide proliferation of tools and services, means that they will continue to grow and we will see more and more of these services popping up."