Cybercrime-as-a-service takes off

Powered by SC Magazine
 

Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, a security expert has said.

Speaking at the Vasco Banking Summit in Sydney yesterday, the company's technical account manager, Vlado Vajdic, told delegates that cyber crime was becoming so business-like that online offerings of malicious code often included support and maintenance services.

Additionally, he said, cybercrime outsourcing would become a key trend in 2009.

"It was inevitable that services would be sold to people who bought the malware toolkits but didn‘t know how to configure them," Vajdic said.

"Not only can you buy configuration as a service now, you can have the malware operated for you, too. We saw evidence of that this year."

"Investors get malware developers to write code for them and then get the writers to host and distribute it, too."

Vajdic showed delegates an email purported to be from a malware 'provider' offering hosted services for an extra $50 for three months.

Vasco's regional director for Pacific, India and Japan, Dan Dica, said company researchers buy the kits online and disassemble them to try to learn the secrets of their programming.

"The kits come with maintenance, support and a user guide," Dica said.

"For $400 you can become a hacker."

Vajdic said that toolkit creators increasingly appeared to apply commercial development techniques in their creation.

"There's evidence of solid software engineering practices being built into them," he said.

"Today's bad guy is a business person that attracts investment, has malware writers working under them and probably even employs a project manager. These people are high-flyers."

Vajdic also said that the malware writers often viewed themselves as being involved in a legitimate business.

"They say it is spyware or that it's for research purposes only and they can't control what you do with it," Vajdic said.


Cybercrime-as-a-service takes off
 
 
 
Top Stories
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 312

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 118

Vote