Cybercrime as a Service

by Pierluigi Paganini
Oct. 7, 2017 0 comments INFOSEC Institute Pen Testing & Audits

Reading about cybercrime, it is very easy to find terms such as attacks-as-a-service, malware-as-a-service and fraud-as-s-Service, that are commonly used to describe the practice of facilitating illegal activities for cybercriminals through the provisioning of services. Security experts working for principal security firms have observed a radical change in the way cybercriminals monetize their activities; instead of earning directly from the sale of illegal products such as malware and exploit kits, the cybercriminals are evolving to respond to a demand in rapid and constant growth. Cybercriminals in fact offer everything necessary to arrange a cyber fraud or to conduct a cyber attack; the offer is very articulated and includes malicious code and also the infrastructure to control the spreading and operation of the malware (e.g., bullet-proof hosting or rental of compromised machines belonging to huge botnets).