All you have to do is type DDoS service in Google and the third or fourth item on the search list will lead you to a site selling denial of service attacks, says Raj Samani of McAfee

Who’s going to be the next cyber attacker your organization will be guarding against?

It could be a state-backed hacking group, a cyber syndicate or a cyber activist. But there’s also a good chance that it could even be a non-tech-savvy individual whose hacking skills are limited to downloading apps from the Web, according to Raj Samani, chief technology officer of McAfee Inc. for Europe, Middle East and Africa.

“It’s gotten to the point where any person, without any IT skills whatsoever, could simply purchase a distributed denial-of-service (DDoS) from Google and launch it against any target,” said Samani, who co-authored the whitepaper report Cybercrime Exposed: Cybercrime-as-a-Service with McAfee Labs senior research engineer Francois Paget. “When we were writing this paper, we knew it wasn’t new, but once we got started, we couldn’t believe the breadth of service available on the Web.”

“All you have to do is type DDoS service in Google and the third or fourth item on the search list will lead you to a site selling denial-of-service attacks,” he said.

RELATED CONTENT

Canada not so innocent in cybercrime
Allstream to lure customers with DDoS promotion

Among the services they found were being hawked on the Internet were:

  • Cybercrime-as-a-service: Includes identification and development of exploits and materials needed to carry out an attack
  • Research-as-a-service: Lets customers acquire from targets items such as intellectual property, email address and personal data
  • Cybercrime infrastructure-as-a-service: Development of a service than can support cybercrime operations ranging from sending out email spam to DoS attacs
  • Hacking-as-a-service: A one-stop-shop solution. Allows customers to outsource an entire attack, from research to infrastructure building to staging the attack

“These services are available to anyone with a credit card,” said Samani. And with the growing popularity of virtual currencies, the possibilities for anonymity has grown larger.

McAfee also found the underground market for exploit brokers continues to grow. While software vulnerabilities have been available commercially for years, brokering services have been doing pretty well lately.

For instance, Samani said, a recent Forbe’s article identifies a person known only as Grugg who acts as a middleman selling exploits to government agencies. The broker was able to sell an Apple iOS exploit for $250,000 and pocketed 15 per cent of the price.

Read the whole report here

 

Related Download
Cisco Secure Mobility Knowledge Hub Sponsor: Cisco
Cisco Secure Mobility Knowledge Hub
This Knowledge Hub provides an end-to-end look at what it takes to discover, plan, and implement a successful Secure Mobility strategy.
Learn More
Share on LinkedIn Share with Google+ Comment on this article