The cybercrime industry has evolved into a sophisticated, organized enterprise with a business model that mirrors legitimate companies. Like other as-a-service business models, Cybercrime-as-a-Service has become a booming business.
Cybercrime now operates with an organized hierarchy that includes business leaders, developers, and hired money launderers. This level of organization has strengthened malicious actors' ability to execute full-blown cyber-attacks. It has become crucial for CISOs to understand the dynamics of the current threat landscape so they can develop a cybersecurity posture and tech stack that keeps their IT infrastructure secure from sophisticated threats and risks.
“The bad guys are getting in no matter what you do. It’s a matter of when, not if. Make sure you are following one of the security frameworks, such as NIST or CIS. All of the cybercrime-as-a-service can enable hackers’ lateral movement inside your network, so enterprises need to make it as difficult as possible for bad actors to get around your network,” says Todd Dekkinga, CISO at Zluri.
Ransomware, malware, phishing, DDoS extortion, and zero-day exploit kits are their best sellers
Exploit, phishing, ransomware, and DDoS extortion kits are among the top sellers on most underground networks. These kits give unskilled cybercriminals, who would otherwise have limited access to advanced technologies, the means to infiltrate the secured global business networks of large enterprises. Many cybercriminals prefer ransomware and distributed denial of service (DDoS) extortion because these approaches can be monetized easily.
Organizations tend to assume that highly skilled teams of developers are behind sophisticated ransomware and malware. In reality, with easy access to cybercrime-as-a-service, many cybercriminals do not even have to write their own code. The market is flooded with Ransomware-as-a-Service (RaaS), Malware-as-a-Service (MaaS), and Phishing-as-a-Service providers that have strengthened malicious actors' ability to carry out full-blown, profitable cyber-attacks.
These providers even distribute the malware in the business network and help their customers move laterally in the organization. The top cybercrime-as-a-service providers have become a one-stop shop where cybercriminals can buy all the tools and infrastructure they need. Ransomware is one of the most profitable segments of the malware-as-a-service industry, raking in trillions of dollars for these cybercriminals.
A recent report by Zscaler titled “2022 ThreatLabz State of Ransomware Report” suggests that, compared to the previous year, ransomware attacks increased by nearly 80% between February 2021 and March 2022. This set new records in both the volume of attacks and the cost of the damage incurred by businesses.
Another business model cybercriminals are profiting from is Cybercrime Infrastructure-as-a-Service. Cybercriminals can use bullet-proof hosting servers and botnet rentals to get temporary access to networks of compromised computers, which they use to launch DDoS attacks or distribute spam across the entire business network.
Here are a few ways that CISOs can consider to combat the evolving threat of the cybercrime-as-a-service industry:
Security awareness training
As hybrid or remote work has become the new normal, it has exposed the business network to various vulnerabilities and threats. Phishing has become one of the most common strategies ransomware threat actors use to infiltrate the business network. Cybercrime-as-a-service providers make phishing attacks so convincing that employees are likely to fall prey to them. Enterprises that have not implemented cybersecurity awareness programs can face catastrophic outcomes. With the easy availability of phishing kits, these attacks have become more rampant than anything organizations have faced in the past. The theme for the cybersecurity awareness month is ‘see yourself in cyber,’ which demonstrates that people are key to securing the IT infrastructure because they can act as an effective defense shield.
Enterprises can minimize Ransomware-as-a-Service and other Malware-as-a-Service risks by investing in a strong, resilient defensive cybersecurity tech stack and efficient security measures. Enterprises that aim to combat ransomware-as-a-service need to combat phishing first. Organizations that have successful cybersecurity awareness programs with stringent governance policies, anti-phishing tools, and controls are able to reduce the impact of ransomware and other threats. Enterprises can conduct quarterly security awareness training sessions to keep all users in the business network up to date with the latest threats and what to look out for. Phishing and smishing messages are now almost indistinguishable from legitimate ones, so everyone has to be vigilant, not only to protect the company but also to secure personal data and devices.
Limit cybercriminals from moving laterally in the network
Bad actors have many routes to break into networks, including phishing and other methods. Once they gain access to a compromised system in the business network, they move laterally through the organization to reach privileged user accounts.
“Apply multi-factor authentication for every app and every point of access to your network. Moreover, it is also crucial to turn off any unnecessary ports/protocols that organizations are not using to micro-segment the primary assets,” adds Todd.
CISOs should take steps to protect the entire internal network, just as they secure their perimeter. SecOps teams can also apply zero trust principles internally, including MFA, to all applications, including Remote Desktop Protocol (RDP) and Secure Shell (SSH).
Enforce an effective risk posture management approach
CISOs should make effective risk posture management strategies one of their top priorities to combat the threats posed by the sophisticated cybercrime-as-a-service industry. This involves covering the basics and beyond, including applying Multi-Factor Authentication (MFA) everywhere possible to limit the attack surface, reviewing app access on a regular basis, keeping an accurate inventory of assets, and constantly scanning the business network for vulnerabilities. CISOs should consider prioritizing risk based on its potential impact on business flows. Implementing automated cybersecurity tools will enable enterprises to identify and mitigate threats faster.