A Look Inside the Cybercrime-as-a-Service Industry

There’s a skills-gap and specialist shortage in the cybercrime industry. You read that correctly. Cybercriminals are looking for new recruits to fill positions in the rapidly growing cybercrime as a service (CaaS) industry. Although it sounds like something out of a low-budget science fiction flick, CaaS is very real and thriving.

What Is Cybercrime as a Service?

Coding and technical skills used to be a requirement for those who wanted to hack, attack, or simply snoop around locked down systems. Nowadays, a buffet of cybercrime services is available for anyone and any organization with the budget to buy them. And business is hopping. A quick search brings up headline after headline relating to global cybercrime rings and their associated FBI and Europol arrests. What’s available on today’s cybercrime menu?

Commonly Purchased Cybercrime Services

It doesn’t take much searching to find a cybercrime service provider. Common services cover a wide range of cybercriminal activity:

  • Malware and ransomware toolkits that automate attacks
  • Fake debit cards that enable unlimited ATM withdrawals
  • Rental of servers to be used for malware attacks
  • Bitcoin cleaning so that authorities can’t trace them
  • Booster/stresser services that sell Distributed Denial of Service (DDoS) attacks on-demand

And that’s just the tip of the dark iceberg. “Some ransomware gangs have even set up ‘customer care centers’ to field ransomware victims’ inquires,” according to Data Breach Today. These helpful folks guide victims through the process of bitcoin procurement to pay the ransom necessary to unlock a compromised computer or network. In this ominous threatscape of paid attackers, what can your company do to protect your systems and data?

Staying Ahead of the CaaS Game

In the face of the growing cybercrime service industry, vigilance remains the key to maintaining a strong security posture. Companies need to maintain a defense-in-depth approach that takes into account the speed and relentless nature of today’s attacks, constantly assessing for security gaps and points of weakness. Through investments like ongoing security training for all employees and third-party penetration testing, companies are better capable of fighting off the hired guns.