Lucrative business: cybercrime-as-a-service
by Raj Samani - Vice President and CTO, EMEA, Intel Security - Monday, 19 August 2013.
With news of the struggling high street becoming a regular occurrence, it is not surprising that increasingly small businesses are seeking opportunities online.

However legitimate SMEs are not alone in realising the benefits of the internet for business success. Cybercriminals are business owners in their own right, operating on a highly professional level. What’s more, many are relying on the vulnerabilities of small business websites to run their illegal trade.

With the rise of cloud computing, small business owners are not just selling their goods and products online, but are increasingly selling their online services – giving rise to a number of ‘as-a-service’ businesses. While legitimate companies offer services such as ‘software-as-a-service’, ‘infrastructure-as-a-service’ and ‘platform-as-a-service’, this trend has fed down into illegal cyber trades. The accessibility of these illegal cyber trades however is of significant concern. With millions of email addresses available on commercial auction sites, to simple online searches providing access to DDOS services.


Many people wouldn’t know where to start when it comes to hacking a computer, but worryingly there are cybercriminals out there making a successful business out of selling the tools required to carry out an attack.

This ranges from selling developed code that enables amateur hackers to gain access to websites, to receiving payment for checking illegal files against a range of security software and revealing which security protection is vulnerable to an attack. These illicit business owners even offer translation services, so that criminals can scam victims in foreign countries.


For those who have the tools needed to launch an attack, but wish to know when is the right time to act, criminals offer services that alert hackers as soon as a computer application becomes vulnerable to an attack. This is called the zero-day vulnerability window.

Research-as-a-service also includes the sale of huge lists of email addresses that can be filtered based on geographic region, or even profession.


While the above three services make their money from selling their criminal skills, there is also a market for the rental of the equipment necessary for an attack. This can involve renting out a whole network of infected computers. Known as a botnet, these networks can be used for a number of services, such as sending spam, launching DoS attacks and distributing malware.

This also extends to the rental of platforms that enable attacks, such as mail relays that facilitate the sending of unsolicited email. What’s more, with some of these services there is even a helpful customer service chat window to help the would-be criminal with a technical questions they may have in carrying out their attack.


For criminals who wish to carry out a malicious attack on a website, or an identity theft, but lack the IT skills to do so, there are people out there who will simply hack a computer for them if the price is right. Offering hacking-as-a-service, these cyber criminals facilitate outsourced cyber attacks, stealing sensitive data such as bank credentials, credit card data, and login details in exchange for cash.

Cybercrime promoters

Any small business owner can testify to the difficulty of getting noticed on the internet, and even a business that deals in the criminal underworld needs to gain customer awareness. Yet despite the obvious barriers, these illegal traders have built an entire ecosystem that relies on cybercrime to make a living - so how do they advertise their services?


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th