HOME
NEWS

Distributed Cybercrime-Attack the World


By VARINDIA - 2017-03-31
Distributed Cybercrime-Attack the World

How business model innovation has changed the game of cybercrime and turned it into a multi-million-dollar dark industry

 

Ransomware and banking Trojans dominate the cybercrime mainstream today, and their technical operations are heavily analyzed. But little attention has been given the business model which plays a large role in dictating their behavior, targets and tactics.

 

A revolutionary concept in cybercrime is what I call "distributed cybercrime," a business model in which cybercriminals attack many victims in the same campaign. Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape.

 

Improved ROI and the support of a newly erected “dark industry” has made distributed cybercrime the hottest trend in cybercrime. Most of the professional cybercriminal groups today develop malware with a distributed business model, then use professional platforms, distribution services and infection experts to attack the world. They don’t know who their victims are nor do they care. They’re not looking to get points on style. They’re just businessmen who built the perfect, automated money-making machine.

 

6 Reasons Why Cybercriminals Love the New Business Model

 

Beginning in 2006, innovations in malware, banking Trojans and ransomware created a new type of business model for cybercriminals: rather than concentrating all their efforts on penetrating high-quality targets, they can steal small amounts of money from numerous victims.

The business model of distributed cybercrime has made some attackers multi-millionaires in a short amount of time due to its many business benefits:

 

** Attacks require less effort as they target “low-hanging fruit” (i.e., individuals or organizations with sub-par security)

 

** Attack skill level is low compared to techniques such as spear-phishing – regular ol’ phishing is good enough for weak targets

 

** Highly coveted zero-day vulnerabilities are no longer required for profitable attacks – mainstream CVE vulnerabilities with known exploits and existing patches will do, as many victims don't patch regularly

 

** Any standard endpoint is a potential source of revenue, making lateral movement toward the crown jewels irrelevant

 

** When you attack the world, the sky is the limit – the amount of potential revenues is endless

 

** Less effort and more profit means better ROI

 

Mass Distribution, Victim Profiling and Outsourcing

The new business model presented new challenges for cybercriminals. If you want to become filthy rich through distributed cybercrime, you can’t just attack 100 victims – you need to attack hundreds of thousands of victims. This drove professional cybercriminals to build mass-distribution platforms to spread their malware and automated-infection systems to exploit victims’ machines and run the malware.

 

But quantity of traffic is not enough. Victims must fit a desirable profile. Cybercriminals want to avoid targeting low-income victims with ransomware as they’re probably less able to pay the ransom, and the ransomware’s language should match the victims’ language to ensure instructions on purchasing bitcoin and paying the ransom are understood. Mass distribution experts and traffic dealers offer their shady customers this very type of targeted services.

 

In addition to victim-specific traffic, infection services are also up for sale (or more commonly, for rent). Rather than coming up with new or unique exploits, pre-packaged exploit kits are readily available to launch the attack of your choosing. These kits supply the distribution and traffic services mentioned above, use the best exploit available to infect victims’ machines and, if successful, run the customer’s malware. The exploit kit method essentially outsources distribution and infection to reliable, high-quality service providers at an affordable price.

 

Where Have All the Targeted Attackers Gone?

 

You may ask yourself: what happened to targeted attacks? The answer: absolutely nothing (and thank you for asking). In fact, targeted attacks today are easier than ever, as demonstrated by cyber attackers who do care about the identity of their victims (like nation-states). Targeted attacks did not disappear - they’ve only been eclipsed by the attractiveness of the ROI of distributed attacks. Only when the profitability of targeted attacks can compete with the distributed cybercrime business model will we see their rise to prevalence again.

 

There are initial signs that cybercriminals are testing targeted attacks with malware more commonly used for distributed attacks, as evidenced by recent ransomware attacks on high-quality targets such as hospitals and hotels. The problem comes back to ROI: while cybercriminals demanded up to $5M ransom from one victim, the highest ransom paid by a single victim (as far as we know) was a meager $28K.

 

The Next Big Thing

 

What’s next for the innovative cybercriminal? My prediction: a hybrid business model with tailored ransom pricing. Imagine a mass-distribution platform doling out ransomware on a global scale that, when executed, will assess the victim’s environment. If that environment is a consumer’s machine, the calculated ransom will be relatively low; if it’s an enterprise network, considerably higher; if it’s critical infrastructure, astronomical.

 

Whatever the next big thing is in cybercrime, you can be sure it will be driven by ROI – nothing dictates the dark industry more than these three simple letters.

 

Tal Sheffer
CTO, Skybox Security

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA