Mention hacking and it’s hard not to imagine some edgy looking folks furiously typing aimlessly on a keyboard as green text fills a screen.

But cybercrime has evolved and these days one needs just a basic understanding of computers to cause trouble. This is thanks – in part – to the dark web and easy availability of cybercrime tools.

Want to execute a distributed denial of service (DDoS) attack? That will be $10 an hour. Want to access compromised PCs remotely? You can do that for $13 a month.

Much like other areas of tech, cybercrime is being sold as a service and companies should be aware of this says managing director of Credence Security, Simon Campbell-Young.

“Today’s cyber criminal doesn’t need to be a technical wizard. All he needs is a few hundred dollars and a computer. A recent report by Armor revealed that the dark market is riddled with tools and services that can be used to commit various attacks. For example, it costs as little as $10 an hour for a DDoS attack, and around $200 for spam for hire,” says Campbell-Young.

Having tools such as that available to anybody is dangerous because hacking – much like piracy – doesn’t feel like stealing given the distance between the attacker and the victim.

So why are experts such as Campbell-Young worried when cybercrime has always been a threat? The answer is sheer volume.

Where state-sponsored hackers have a particular target in mind, having the tools they use available for folks to use could put any company in the cross-hairs of a cybercriminal. It doesn’t even need to be a criminal, if somebody has a grudge against your firm they could pay somebody else that desperately needs the money to attack the firm.

And that’s before we even talk about the other stuff you can find on the dark web.

“You name it, the dark market has it for sale. Stolen credit cards and personal data, hacked social media profiles, airline reward points, even passports from foreign countries are freely available. Illegal businesses on the dark Web sell every possible tool of the trade, enabling anyone to launch a cyber attack,” explains Campbell-Young.

What is the solution then? Communication and best practice.

The MD says companies must engage with their peers to anticipate new threats and attack vectors adding that protective measures must be created as quickly as the bad-guys are creating tools and services. “It’s no good just monitoring the threat landscape, the industry needs to work together to anticipate the next moves,” concludes the MD.

Perhaps most concerning of all is that cybercrime is now as easy as clicking a button and investing a small amount for big returns.

We admire the entrepreneurial spirit of cybercriminals in 2018 but we do wish they’d focused their efforts on something a bit more constructive.

 

[Image – CC BY 2.0 Ivan David Gomez Arce]