Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, August 20, 2013

Cybercrime-as-a-Service, the rise of hacking services

With the term attack-as-a-service model is indicated the practice to outsource all the phases of an attack to specialists instead to rent tools and architecture to conduct personally the illegal activities (Malware-as-a-Service). The model on sale for service is very attractive, hackers analyze in a first phase the target for a very cheap price (5$) and only in the presence of vulnerabilities they hack it for a price nearly 50$, of course for large architectures to attack the prices soar from $1000 to 50000. This type of hacking services is an example of unethically pen-testing activity, the criminals seem to not use any automated tool neither Google services to discover vulnerabilities, another singularity is that they do not operate against website and service of their country, a habit already seen in the sale of Kins and Zeus malware.


The service doesn’t utilize Google for finding vulnerable Web sites on a mass scale, instead it allows the cybercriminal to manually enter the Web site about to get unethically pen-tested. Even if the service cannot automatically hack into the Web site (based on what the service claims are private techniques for exploitation) the specially displayed output is supposed to increase the probability for a successful compromise

At the moment the impact of the specific service is limited due its actual inability cause widespread damage but the availability of a huge quantity of tools and hacking services represents an alarming reality that is causing a sensible increase in blended, automated attacks.

The same Danchev already profiled other DIY tools such as Google Dorks Web site exploitation tools, brute forcing applications and stealth Apache module for backdoor distribution, the greater the number of these tools on the market and the greater the number of cyber criminals who provide for the complete outsourcing of attacks.

According last McAfee report “Cybercrime-as-a-Service” security experts observed a sensible increase for attack-as-a-service proposal, the study profiled as example Password cracking services and Denial-of-services.

“If the budget allows, a budding cybercriminal can skip the process of conducting research, building appropriate tools, and developing an infrastructure to launch a cyberattack by choosing a service that will outsource the entire process.” the report states.


Posted on 08/20