
Ransomware is now cybercrime-as-a-service


The cybercrime-as-a-service economy is accelerating the volume and effectiveness of cyber attacks, according to new research.

“Ransomware moved from being a service to an economy,” said Mick Baccio, Global Security Strategist at Splunk. “When you look at the technical end of ransomware, it’s really kinda boring. But since it’s so easy to spin up, and with the addition of other services, it’s grown into a whole ecosystem. It’s getting faster, it’s getting more efficient. Ransomware operators are learning IT operations at the enterprise scale.”

And the enterprise isn’t just ransomware. It’s any kind of malware, any kind of attack. Need some personal information on high value targets? A botnet for a DDoS attack? Ever wish someone else would install malware on a bunch of machines and just turn over the keys so you could handle the extorting? There’s a dark web for all that, and the customer service just keeps getting better.

“These groups will sell you tools with outstanding ROI,” says Robert Pizzari, Splunk’s VP of security in the APAC region. “And if you have problems deploying the malware — maybe errors pop up because you’re dealing with a different type of operating system — their service levels are outstanding, according to dark forums I’ve been researching.”

“They have bug bounty programs,” Baccio says. “And they often pay better than the ones a lot of legitimate companies have worked hard to establish.” The result is a sad watering down of the formerly elite ranks of computer hackers, as pretty much any morally deficient amateur can buy the tools to, say, lock a hospital out of its network or blackmail a Fortune 1000 company with lax security controls. It used to take skill to be that supervillain.

And because cybercrime is becoming the fast food of the dark web, a lot more malefactors are going to be able to target a lot more organisations.

“And as much as automation is improving security, it’s also helping the bad guys,” notes Lily Lee. As senior manager of security solutions strategy, she helps customers with the complexities of securing hybrid, multicloud environments.

“Not only can a low-skilled adversary buy these tools, they can launch a bigger, broader attack with them.” It’s another reason to have automation in your SOC, she adds. “It’s the only way we can raise our game against the automation on their end.”

Splunk Distinguished Security Strategist Ryan Kovar says that two things are true in the face of this explosion of corporatised cybercrime. First, the old defences are still the best defences. “A lot of techniques that used to be very distinct are converging and overlapping now,” he says, “so if you’re doing your job well, you’re going to be defending against 85% of anything the bad guys would throw at you. You still need to defend against intrusion, against lateral movement, against execution and malicious code on your systems, and against exfiltration of information.”

Research from Splunk’s 2022 State of Security report found that, globally, 79 per cent of organisations have experienced ransomware attacks; and 35 per cent — or nearly half of the victim cohort — said an attack led them to lose access to data and systems.

Among victims, only 33 per cent restored from backup and refused to pay the attackers. The other 66 per cent said that either the organisation (in 39 per cent of cases) or their insurance company (27 per cent) paid the crooks. On average, respondents said that the largest ransom their organisation paid was about $347,000.

“A lot of our research shows that attackers are in the network for days, doing things using traditional tools like trojans, PowerShell, CobaltStrike, move, del, all the sort of tools normally used by any cyber criminal or APT actor, but, at the very end, ransomware operators downloaded a ransomware binary and locked everything up,” said Global Security Strategist Mick Baccio.

“And it’s not just ransomware anymore. Hack-for-hire groups like we’re seeing around the world are brazen in their offerings. It’s not just encrypting the target’s files for money. It’s whatever flavour of cybercrime you want to hire. Cybercrime as a service.”
