Cybercrime-as-a-service on the rise: McAfee

Who’s going to be the next cyber attacker your organization will be guarding against?

It could be a state-backed hacking group, a cyber syndicate or a cyber activist. But there’s also a good chance that it could even be a non-tech-savvy individual whose hacking skills are limited to downloading apps from the Web, according to Raj Samani, chief technology officer of McAfee Inc. for Europe, Middle East and Africa.

“It’s gotten to the point where any person, without any IT skills whatsoever, could simply purchase a distributed denial-of-service (DDoS) from Google and launch it against any target,” said Samani, who co-authored the whitepaper report Cybercrime Exposed: Cybercrime-as-a-Service with McAfee Labs senior research engineer Francois Paget. “When we were writing this paper, we knew it wasn’t new, but once we got started, we couldn’t believe the breadth of service available on the Web.”

“All you have to do is type DDoS service in Google and the third or fourth item on the search list will lead you to a site selling denial-of-service attacks,” he said.


Canada not so innocent in cybercrime
Allstream to lure customers with DDoS promotion

Among the services they found were being hawked on the Internet were:

  • Cybercrime-as-a-service: Includes identification and development of exploits and materials needed to carry out an attack
  • Research-as-a-service: Lets customers acquire from targets items such as intellectual property, email address and personal data
  • Cybercrime infrastructure-as-a-service: Development of a service than can support cybercrime operations ranging from sending out email spam to DoS attacs
  • Hacking-as-a-service: A one-stop-shop solution. Allows customers to outsource an entire attack, from research to infrastructure building to staging the attack

“These services are available to anyone with a credit card,” said Samani. And with the growing popularity of virtual currencies, the possibilities for anonymity has grown larger.

McAfee also found the underground market for exploit brokers continues to grow. While software vulnerabilities have been available commercially for years, brokering services have been doing pretty well lately.

For instance, Samani said, a recent Forbe’s article identifies a person known only as Grugg who acts as a middleman selling exploits to government agencies. The broker was able to sell an Apple iOS exploit for $250,000 and pocketed 15 per cent of the price.

Read the whole report here


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now