Malware as a service, along with the affordability of spam botnets, is providing criminals with a low barrier of entry into the cybercrime space, a report from SecureWorks has said.
In 2017 State of Cybercrime: Exposing the threats, techniques and markets that fuel the economy of cybercriminals, the SecureWorks Counter Threat Unit explained that less experienced hackers are able to purchase information-stealing malware for reasonably low prices, which has widened the pool of people able to conduct malicious activity online.
"The internet underground is thriving with ready-to-purchase malware. In underground forums, inexperienced or less-skilled cybercriminals are able to purchase information-stealing malware for reasonably low prices, typically in the form of pre-compiled binaries or premium builder kits that enable attackers to custom configure their own binaries," the report explains.
Similarly, spam botnets, labelled the most frequently used method for the distribution of all "wares" by SecureWorks, are readily available for a low cost to budding cybercriminals.
"Today, cybercriminals can tap into large botnets to increase the spread of their spam exponentially, a product that can be thought of as 'spam as a service'," the report says.
As one example, the report says one large spam botnet known as Kelihos was priced at as little as $200 per million emails sent for pharmaceutical and counterfeit goods-type messages.
Personal information remains a popular commodity, SecureWorks said, with tested and verified credit card data available in some cases for as little as $10, and highly detailed personal information records also offered for as low as $10.
In total, the report details 11 key findings based on the company's research. However, in addition to the malware and ransomware explosion that was WannaCry and Petya, as well as the business email compromise (BEC) threat that accounted for $5 billion in losses globally between October 2013 and December 2016, SecureWorks highlighted that online crime is a market economy of its own.
The global financial toll of cybercrime is difficult to quantify, but pointing to a report from the US Federal Bureau of Investigation (FBI), SecureWorks said internet crime led to losses in excess of $1.3 billion in 2016.
The report from SecureWorks labelled the online criminal landscape as one that is complex and composed of actors with a diverse range of capabilities.
As defined by SecureWorks, the underground internet is the collection of forums, digital shop fronts, and chat rooms that cybercriminals use to form alliances, trade tools and techniques, and sell compromised data that can include banking details and personally identifiable information, as well as anything else.
However, SecureWorks concedes that the full extent of cybercrime is not visible solely through this window.
"Lucrative online criminality is run like a business, controlled by organised crime groups who are focused on minimising risk and maximising profit," the report says. "Such groups have considerable reach, will often be active in other areas of more traditional criminality, and, when necessary, will employ the services of other professional criminals who specialise in certain areas, such as moving money or goods around the world."
With money in tow, cybercrime organisations are often able to scoop up security talent before the good guys can employ them. This has created an underground job market that SecureWorks said mainly requires skills in malware writing, inject writing, data processing, network and sysadmin, and network exploitation, as well as vendors to perform exploit kit loading.
Money muling, where a "middleman" takes the data and passes it on -- knowingly or unknowingly -- to the cybercriminal, also continues to be a valuable component of the online criminal landscape, the report explained.
SecureWorks also said the perceived gap between criminality and nation states, in terms of both actors and capabilities, will continue to shrink, pointing to the $81 million Bangladesh heist -- and the criminals' links with North Korea -- as its example.