For criminals who wish to carry out a malicious attack on a website, or an identity theft, but lack the IT skills to do so, there are people out there who will simply hack a computer for them if the price is right. Offering hacking-as-a-service, these cyber criminals facilitate outsourced cyber attacks, stealing sensitive data such as bank credentials, credit card data, and login details in exchange for cash.
Any small business owner can testify to the difficulty of getting noticed on the internet, and even a business that deals in the criminal underworld needs to gain customer awareness. Yet despite the obvious barriers, these illegal traders have built an entire ecosystem that relies on cybercrime to make a living - so how do they advertise their services?
These cybercrime traders are brazenly promoting their illegal services on open platforms – in particular the legitimate websites of SMEs. Whether offering customers the opportunity to review products, comment on articles, or discuss and share their ideas, live forums are a common feature on many websites, but the problem is that they are largely unmonitored by small business owners.
As such, cybercriminals have sensed an opportunity and not only are they stealing sensitive data from SMEs that do not protect themselves effectively, they are also relying on unrestricted SME websites to advertise their illegal services.
And this goes beyond open forums, as many small business owners that operate market places or open ecommerce sites are unaware that these illegal services are being sold and traded directly from their legitimate website.
This solves the problem of customer awareness for cybercrime traders, as a quick Google search of the relevant illegal services will take them straight to a post on the small business website. However this is obviously bad news for small business owners. While they believe they are running an honest online business, unbeknownst to them, they are facilitating an underground side-operation from their own company.
Genuine potential customers will be unaware that these posts are not supported by the website owners themselves and, after stumbling across these illicit adverts, are likely to lose trust in the company and take their custom elsewhere.
Black market, big money
Not only can such schemes lose SMEs money, but while small business owners are struggling to deal with the costs of running a legitimate business, cybercriminals are making a lucrative trade off the back off them – and in many cases making more money than the SMEs themselves.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.