Cybercriminals compete through customer support and guarantees
Hacking was once the domain of extremely tech-savvy experts, but in recent years it has evolved into a diverse market complete with industry verticals, specialisations and intense competition that sees groups who aren’t willing to adapt fall by the wayside as more dynamic services take their place.
The rise of user-friendly viruses and exploit kits are so simple almost anyone could use them, and Business Insider reports that this has resulted in a kind of customer service war among cybercriminals. Malicious actors compete to offer better support, quicker response times and even money-back guarantees for illegal activities.
As noted by Business Insider, one of the first market segments to offer cybercrime support were the carders — criminals who steal and sell credit card information and the attached personal data. It started around 15 years ago with a major crackdown on carding services, which in turn opened the market for smaller, startup offerings.
To differentiate themselves, cybercriminals offered card testing through charity donations along with money-back guarantees if cards didn’t work as advertised. The idea quickly spread to other attack verticals such as ransomware and even marketplaces like AlphaBay.
For example, ransomware creator Jeiphoos, who developed the Encryptor ransomware-as-a-service (RaaS) — inserted a comment and feature request box in his malware package and has since implemented a number of customer suggestions to improve the offering.
AlphaBay, meanwhile, now includes the same kind of reviews and ratings system users would expect to see on Amazon or eBay. In what could be described as a bizarre parody, one AlphaBay patron filed a scam report when the two packages of flour he ordered didn’t contain a Beretta pistol.
Attackers are also offering ongoing support for their products, and some even provide setup services for a small fee, meaning that anyone who accesses the Dark Web and spends a little cash can call themselves a hacker or a cybercriminal.
There’s no ceiling predicted for this market any time soon. Time reported that Hyatt Hotels recently discovered a payment processing virus on its system that could result in millions of customer cards being compromised.
NBC News has a roundup of cyber predictions for 2016. From hacktivism to increased use of ransomware and the threat of a hackable Internet of Things (IoT), there are plenty of sales vectors left for malicious actors to fill and subsequently support. In short, we should expect an increase in criminal activities as the cybercriminal market works to enhance the customer experience.
All this shows that the criminal mastermind responsible for the next major breach or DDoS attack may not be a tech genius or high profile malware writer, but could in fact be a disgruntled employee with a little cash. Hacking has transformed itself from a niche market shrouded in secrecy and mystique to just another e-commerce venture, with its own supply of scams and bad sellers.
The good news is that more exploits, kits and other malware in the hands of novices will mean more data for security experts to analyse, while the focus on customer service over discreet code exchanges makes supportive cybercriminals easier to catch in the act.
Source: IBM Security blog