The Hidden Problem with Easy Cybercrime
Matthew Rosenquist
CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers
There was nothing shocking in a recent Computer Weekly article on the top UK cyber threats: Banking malware, DDoS, ransomware and CEO fraud. One quote did catch my eye. Mike Hulett, head of operations for the National Cyber Crime Unit was talking about how people get started in cybercrime.
“For just $10 of software, teens who would not otherwise commit a crime can set up a DDoS for hire business..."
Turn-Key Crime Online
Think about that for a moment.
Someone who would not otherwise be interested in committing a crime can easily start an online illegal enterprise that can target victims all over the globe. With next to nothing, they can begin down this path. The subsequent rewards are significant enough to keep them motivated to continue. Thieves don’t quit when they are making money. It all goes back to the Greed Principle.
In fact, we are seeing similarly low entry points for Ransomware-as-a-Service (RaaS), where culprits are basically using an established ransomware infrastructure and simply trying to get people to install a file or visit a malicious site. No technical or programming skills are needed. They just need to post or send emails with a malicious link or infected file. If they can lure unwary victims to click a URL or open a file, they have an opportunity to make money. The ransomware developer, which hosts all the back-end infrastructure, takes a percentage of the profits. The recently discovered Satan ransomware redirects 30% of the profits to the developer, while the criminal keeps the rest.
The Emerging Problem
This is a growing nuisance today, but you may not be seeing the long-term picture. Imagine 2 billion more people joining the Internet in the next few years. Many of the newcomers will be economically underprivileged. They will be hungry for ways to make a living, even if it is just a few dollars a day. With ransomware extortions in the hundreds of dollars, they don’t need to be successful very often.
Do you see an emerging threat now? Millions more people turning to crime when they are connected to the Internet. This will create a flood of attacks that target people all over the globe in creative ways. This problem is going to get worse for all of us. Much worse. The economics are just too compelling.
Interested in more? Follow me on Twitter (@Matt_Rosenquist), Steemit, and LinkedIn to hear insights and what is going on in cybersecurity. The Hidden Problem with Easy Cybercrime ...paradigm shift ahead.
CEO at Spying Solutions Inc
7yLet's start by the base. In any hacking forum you will always find "vps" for sale/rent cheap. Now those vps are mostly offshore,where they will build a botnet. The more victims infected with the botnet,the power of the DDOS will be. All their transactions are done via bitcoin to maintain anonymous. Whe you or your company fall victim of a ransomeware,it will give you intructions on where to aqucire bitcoins to make the payment to free your files. Sadly big percentage of victims will get the correct key after payment. Simple steps like baking up your data will save you trouble. Back up to a server/storage where malware don't have access.
English Language Teacher
7yI don't think young people will think it a crime if they ask someone for money for a service like unblocking a computer, they will consider this a crime. I think they would see it as a public service . And the blocking would of course be seen as a joke, a warning that their computer is not protected, they could be stealing everything but they don't. They give you the chance to learn from your mistake for a fee of course nobody should work for free.
DDoS for hire and Ransomware-as-a-Service are easily accessible and almost anyone can start down this path for next to nothing. This is a very real threat! Understanding that these criminals look for EASY targets is a very important realization that business owners need to make before it's too late.