As part of our Cyber Security Awareness Month series, we have so far explored data breaches and Business Email Compromise (BEC). These topics and tactics roll up into a more global discussion about the growing economy of cybercrime. We reported in 2015 that, as competition continues to rise in the underground marketplace, illicit operations are evolving and expanding services to offer “Cybercrime-as-a-Service” (CaaS). Let's take this opportunity to look into this business model, which continues to strengthen and grow in scope as threat vectors evolve.
True to form, cybercriminals not only stole funds, personally identifiable information, credentials, bank account information , health records and more in 2014 but they also poached legitimate business tactics and strategies to bolster illicit operations. In a recent interview with Dell SecureWorks’ David Shear, BankInfoSecurity’s, Tracy Kitten uncovers trends in the underground cybercrime market. Most notable is the growing trend of “Cybercrime-as-a-Service” or (CaaS).
In 2015, we can expect to see a continued increase in the number of underground operations offering full-service cybercrime. Just as in any marketplace, competition continues to rise in the underground resulting in the constant evolution of services and new features. Some key attributes of leading suppliers of CaaS closely resemble those of a valid business, including:
- Superior customer service
- Tutorials and training
- Satisfaction guaranteed
- Value-added data (personally identifiable information documentation such as a driver’s license or a utility bill to enable authentication)
- Reputation for delivering quality services