Crimeware-as-a-Service: Decoding the Underground Economy
In 2008, when the entire world was occupied with The Great Recession, the cyber security space was witnessing a new development. The initial reports on Crimeware-as-a-Service (CaaS) had started coming out. While on one hand the world economy was faltering and struggling to produce growth, quite opposite to that the underground economy had created a new business model. The criminals had started using online services instead of running their own servers and software. The business model is proving lucrative so far for those who offer cyber infrastructure to criminals and is living up to its name “The Next Big Thing”.
Crimeware is a type of computer programme or a set of programmes designed specifically to carry out online criminal activity. Usually Crimeware is distinguished from Spyware and Adware because of the difference in the intent of use. However, if these programmes are also used to carry out criminal activity, they can also be classified under Crimeware. Programmes mostly used include Malwares, Browser hijackers, Keyloggers, Ransomwares etc. Nowadays even Phishing Kits are available in the market which provide a broad set of tools to people who have little technical knowledge.
It is an underground business model in which cyber criminals use online services instead of running their own servers and software.The term was coined in 2008 by security firm Finjan. It was identified that criminals had started using online services instead of having to deal with the technical challenges of running their own servers, installing “crimeware” toolkits or compromising legitimate Web sites. Thus institutionalization of cyber crime had occured.
Crimeware-as-a-service (CaaS) has become a prominent component of the underground economy. It has provided a new dimension to cyber crime by making it more organized, automated, and accessible to criminals with limited technical skills. One of the most known CaaS model has been that of the Vawtrak; a banking malware botnet that is also known as NeverQuest and Snifula. According to a report released by security firm Sophos, Crimeware-as-a-Service has become extremely sophisticated over past few years. The report further says that the criminals who run Vawtrack have mastered and perfected their techniques, affording them the ability to adapt their attacks for specific targets. Additionally Cyber criminals and criminal organisations are getting better day by day at protecting themselves from law enforcement by using Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised, but only provides the infrastructure for it.
The websites which offer these services have perfected their business model to the extent that they offer wide range of services listed out on a “hacking menu”. The payment can be made either in dollars or bitcoins. An astonishing fact is that one can even hire a hacker for so called “small” and “medium-large” jobs. The emergence of CaaS has created an environment wherein it is not necessary for a person to know coding or hacking techniques to carry out any illegal activity. So anybody with limited knowledge but money can now carry out criminal activity. Thus, it has increased the user base of criminals by removing the knowledge barrier which previously used to exist and has emerged as “The Next Big Challenge” for the law enforcement agencies. Furthermore, the dark web where these services are offered is already a challenge for the security professionals. Taming this underground economy would require a massive effort on part of cyber security professionals and law enforcement agencies.