Cyber-crooks turn to managed services

As with mainstream software providers, the creators and owners of crime-ware toolkits provide 'customers' with update mechanisms, along with sophisticated anti-forensic attack techniques.

They also offer the ability to manage and monitor malicious code affiliation networks.

Researchers at Finjan's Malicious Code Research Center warned that this model creates a new level of crime-ware by supplying an easy-to-use toolkit.

"We are seeing the rise of a new business model in the crime-ware toolkit market," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Cyber-criminals and organisations are getting better at protecting themselves from law enforcement by using crime-ware services, especially since the operator does not necessarily conduct the criminal activities related to the data being compromised but only provides the infrastructure for it."

Cyber-criminals can now generate more targeted infections and deliver specialised crime-ware for specific geographical regions, according to Ben-Itzhak.

"Criminals are employing marketing and sales techniques to address the cyber-crime economy and ensure that the market they are after gets the proper localised 'product'," he said.

Finjan foresees the next phase in the commercialisation process as creating a service to get straight to the stolen data by providing the victim's data tailored to the criminal intention.

Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a crime-ware toolkit platform.

Copyright ©v3.co.uk

cybercrooksmanagedsecurityservicestoturn