As part of our Cyber Security Awareness Month series, we have so far explored data breaches and Business Email Compromise (BEC). These topics and tactics roll up into a more global discussion about the growing economy of cybercrime. We reported in 2015 that, as competition continues to rise in the underground marketplace, illicit operations are evolving and expanding services to offer “Cybercrime-as-a-Service” (CaaS). Let's take this opportunity to look into this business model, which continues to strengthen and grow in scope as threat vectors evolve.
Much like legitimate businesses, criminal enterprises invest aggressively in R&D and business development activities. What this means for consumers and organizations is that we must also invest time and resources in staying current on threat actor tactics and take a proactive approach to mitigating risks.
The attributes of leading CaaS suppliers closely resemble those of legitimate businesses, including:
- Emphasis on customer service
- Tutorials and training for users
- Value-added data (documentation containing personally identifiable information, such as a driver’s license or a utility bill, to enable authentication)
Vawtrak is one sophisticated cybercrime operation that has paved the way for CaaS in the underground. In a previous blog post, we reported that shifts in Vawtrak’s tactics likely reflect a desire by the threat actors to remain relevant in the competitive cybercrime-as-a-service market, using a domain generation algorithm (DGA) and code optimization to significantly lengthen the campaign’s persistence.
What Are They After?
Ever wonder what kind of data cybercriminals seek? Big data is the name of the game. They seek driver's license, social security, credit card, and insurance card data from consumers. Cybercriminals not only steal funds, personally identifiable information, credentials, bank account information, health records and more, but they also poach legitimate business tactics and strategies to bolster illicit operations. This information is then sold as value-added intelligence used to commit large-scale fraud or identity theft.
How Do They Get It?
Threat actors have many different tactics for stealing data: phishing, spear phishing, BEC, and ransomware campaigns, to name a few. Here's a report where we go into more depth on the latest updates to BEC attacks; it includes some examples of targeted BEC emails.
How to Fight Back
The techniques that cybercriminals use are constantly evolving, and they are going to greater lengths to commit fraud, compromise computers, and steal credentials. Phishing remains the top threat vector for cyberattacks. Exploiting human vulnerability continues to be the most attractive and successful path for threat actors targeting the assets of organizations and individuals. For this reason, phishing is prevalent across the adversary spectrum, from novice cybercriminals to advanced nation-state cyber operations.
For us to truly evolve the fight against phishing, we need to combine the traditional defensive posture with a proactive, aggressive strategy.
There's more to come next week on targeted attacks and the rising ransomware epidemic.