Mayhem as a Service: The New Hacker Economy

The advent of role specialization was a turning point in the history of the modern economy. Previously, you were responsible for taking care of most of your own needs. Eventually, someone realized that they were terrible at growing plants but an excellent carpenter. As a result, they began building and selling their products to others in exchange for the food and goods that they didn’t produce themselves.

In recent years, cybercriminals have followed the example of legitimate industry. Instead of working only to further their own goals, hackers now offer different types of attacks “as a service”. For a little bit of money, anyone who knows where to look can rent everything that they need to launch a Distributed Denial of Service (DDoS) attack or infect their rivals with ransomware.

The Service-Based Hacker Economy

The industrialization and role specialization of the hacker economy manifests itself in a few different ways. Some “services” like DDoS attacks and ransomware toolkits are available to the end consumer. Others are mainly internal to the cybercrime industry, allowing hackers to more efficiently launch their own attacks and offer their own services.

DDoS as a Service

An increase in Distributed Denial of Service (DDoS) attacks is one of the biggest effects of the service-based hacker economy. In the past, skilled hackers might have built and used botnets to launch DDoS attacks to further their own agendas. In the modern cybercrime economy, DDoS botnets are available to anyone willing to pay the (very low) price.

If you want to use a botnet to perform a DDoS attack, hackers are happy to provide. A cloud-based botnet costs a hacker about $7 per hour to operate, and they fetch a nice profit by reselling these capabilities to their customers for around $25 an hour. Discounts are often available for extended rentals (a day or more) as well. As a result, the ability to perform a DDoS attack at an enterprise scale is well within the reach of the average consumer.

For the potential target of a DDoS attack, this innovation in cybercrime is hardly a good thing. Even the loss of a company website for an hour can mean lost customers and sales. With the lowered difficulty of launching an attack, even smaller organizations are at risk from disgruntled employees or customers.

Ransomware as a Service

Ransomware was the poster child of malware in 2017. The WannaCry and NotPetya epidemics demonstrated the threat that crypto malware can pose to individuals and organizations. While a large-scale ransomware epidemic has not happened since 2017, ransomware definitely still poses a significant threat.

Like DDoS as a Service, Ransomware as a Service (RaaS) has lowered the bar for individuals wanting to launch a ransomware attack at scale against an organization. Many different ransomware variants are available for purchase on the black market, giving the discerning buyer many options and driving down the cost of launching an attack. As a result, a ransomware kit capable of crippling an unprepared organization can be acquired for as little as $38.

Preparing for a potential ransomware attack requires a two-pronged approach. Preventative measures like an antivirus or intrusion detection system can help block known attacks but may be defeated by new, unknown variants. True preparation for a ransomware attack requires accepting that it may occur and being prepared to restore normal operations afterwards. For this, what can save your business is a data backup system that frequently and automatically saves the state of all systems in your network and protects these backups against infection (i.e. not an external hard drive or network file server).

Behind the scenes

Remember when phishing emails were badly spelled scams trying to get you to help a Nigerian prince move his money to the US? In the modern world, phishing scams have become much more sophisticated. Some of this change is because organized crime has seen the profit in the space and moved in, and some is due to role specialization in the hacker economy.

In the past, hackers needed to be jacks of all trades. To run a successful phishing scam, you needed to craft the email, collect a list of target email addresses, operate the mail servers, have a method to make and clean the money from gullible recipients, and provide customer service for recipients who want to help out but don’t have the technical know-how.

In the modern world, cybercriminals have become specialized. Some hackers collect and sell lists of verified email addresses while others are professionals at turning the dirty money or gift cards stolen through the hack into clean, untraceable profit for the attacker. While an outsider can rent these services to launch an attack (again lowering the bar), the main effect is making hacking at scale easier, more efficient, and more profitable for cybercriminals.

Protecting yourself in the new world of hacking

The increased industrialization and role specialization of the cybercrime economy has made large-scale attacks easier to launch and accessible to the average consumer. For less than $40, it’s possible to rent an hour of a large-scale DDoS attack or a ransomware toolkit. Organizations need to identify the ways that they can be impacted by these attacks and develop and deploy the proper tools to prevent and mitigate them.