The next big thing? Crimeware-as-a-service

Finjan says Crimeware-as-a-Service (CaaS) is becoming an increasing problem and the ability of law enforcement to track malicious hackers will become increasingly hampered.

On Monday, Finjan's Malicious Code Research Center (MCRC) released its first quarter Web security trends report (registration required) and highlighted CaaS. Finjan's release is timed for the RSA security conference in San Francisco.

The gist: "Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites," says Finjan. In other words, it's point, click and hack.

What makes CaaS a big problem is that the service operators don't necessarily attack anything. These CaaS operators are basically arms dealers that provide customers with anti-forensic attack techniques and the ability to manage cod networks. Finjan has highlighted this trend before, but its report puts a little more meat on its research.

Finjan argues that CaaS is the latest phase in the commercialization of malicious hacking. Next up: A service for getting stolen data that tailors victims to criminal intent. Here's how Finjan sees the commercialization of information security crime developing.

[Image: crimeware1.png]

Finjan in its report notes:

(Cybercrime commercialization) is no longer just the trading of data as we have seen in the past, where criminals would offer sensitive business data to the highest bidder, but providing a service that encapsulates the entire attack and infection process, and provides a distilled feed of data that is being harvested as part of the attack. It not only detaches the criminals from the actual work of exploiting and controlling the attacks, but also allows a bigger “market share” in the business of criminal activities on the web.

And here's a possible crimeware data trading scheme:

[Image: crimeware2.png]

Finjan paints a glum law enforcement picture.

A service like this will also be the next logical step in terms of the technical development of Crimeware toolkits. Initially we have seen a simple aggregation of exploits, followed by some reporting capabilities. Next came automatic updates, support, and enhancements (such as integration of code-obfuscation and evasive anti-forensics techniques). Currently, we see the rise of the Crimeware-as-a-Service (CaaS) model in the Crimeware-toolkit market. It enables such a toolkit to gather the data from the victims and sort it according to some rough criteria for the users, since all the data and networking is already built-in and available for the criminals and attackers.

This development will further distance the criminals from the techies – a trend that we have seen evolving over the past couple of years. This trend will get a further boost with the catching on of the CaaS model. Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised. Although in theory such an operator could be prosecuted for hosting and operating malicious code (depending on the penal code in the respective country in which it is being prosecuted), the impact that the data itself could have on such a prosecution makes it quite academic.

Comforting, eh?

Topics: Security, CXO

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
