Cybercrime Has Gone Commercial (And It’s Easier Than Ever)

/in


CEO and Co-Founder of Egress.

What level of IT skills would you need to infiltrate an enterprise organization? Some might assume you’d require at least intermediate (or even expert) skills to hack a major business. But in reality, all someone needs is an internet-connected device, a few hundred dollars and to know the right place to look.

Recent threat intelligence research published by Egress shows that cybercrime has truly gone commercial — and it’s simpler than ever for a wannabe cybercriminal to get started.

Phishing-As-A-Service (PhaaS)

A modern business doesn’t specialize in everything. It borrows (and pays for) the expertise of others to handle a multitude of operations. For example, you might have software bought or leased from a third party to handle accounting, cybersecurity or digital communication. Modern cybercrime gangs specialize to sell their knowledge and skills in a similar way.

Within the phishing-as-a-service (PhaaS) industry, different vendors offer services to other cybercriminals who don’t share the same skills or experience. Some might specialize in open-source intelligence (OSINT) or creating initial breaches into organizations. Others might develop ransomware or create phishing email templates.

Buyers can browse online marketplaces, make requests for specific products and leave their Telegram handles for more information. Sellers offer their products complete with customer feedback and reviews, plus we’ve even seen Black Friday sales tactics aiming to sweeten deals. Many of these marketplaces are hosted on the dark web — but not all of them. If someone wants to, they can pretty easily find one.

Lowering The Cybercrime Skills Barrier

It’s possible to infiltrate a major organization with few (or no) hacking skills. Phishing is the perfect crime for inexperienced cybercriminals, as all the scammer needs to do is wait for an insider to click on a link in a phishing email and download malware or enter credentials into a spoofed website. And they don’t even need to create the email template or back-end code — everything they need for a hack can be purchased in a “phishing kit.”

Phishing kits are popular…

Source…