Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Rise of as-a-service lowers bar for cybercriminals

Kacy Zurkus | Feb. 15, 2017
Criminal market changes with as-a-service offerings via exploit kits

"Exploit kits and automated attacks, offering fully functioning RaaS, pay someone to conduct a ransomware campaign and they do profit sharing. If you can outsource this fast paced concept as an attacker, that’s pretty innovative,"  Simkin said.

Since they can access lots of resources in an easier way, there is a higher volume of attacks. Simkin said, "From the defender perspective, they are looking at more data and more alerts and more things that they have to parse through and decide what to take action on."

That's why prevention is making a comeback. Returning to the days of focusing on prevention rather than detection and response, said Simkin, should be the first approach.

"It’s all about prevention, having the right systems and policies in place so that they are getting leverage from the things they deploy, not the people they throw at it. They have to be thinking about the prevention-first approach, from end to end," Simkin said.

Given that attackers are lowering the bar, Simkin said, "Let's raise the bar for the security industry. We have a shared interest in sharing intelligence. It's better for the community as a whole."

The continued rise of as-a-service availability is not going to stop, said Simkin, "Over the next 12 to 24 months we are going to see all of the as-a-services increase. As an organization, their approach needs to be about prevention and how do they support prevention."

Because these services have been so successful, said Greg Martin, CEO of JASK, "Security teams now have a smaller number of threats to keep up with. The market has moved to less than 10 of these providers. There's a smaller amount of malware overall but a volume increase."

Even though these exploit kits are not delivering government grade malware, it’s still very dangerous because it's basically a tunnel into their network, said Martin.

A lot of these guys sell access to the machines they are able to compromise. Martin said, "They will advertise on the dark web, and someone from Russia or China can just buy that access for $5, $10, $20. The price is so low because of time to detection."

AI holds promise as a solution to the increased volume of attacks. "How do we take the best humans in the game and teach a machine to function at 30 percent of what our best analysts can do? A machine doesn’t need sleep. Humans can’t get through it all because it’s so much, so they need to shift more to automation just like the attackers have," Martin said.

Martin echoed the idea that intelligence sharing will benefit the community. "It takes a village to protect yourself. They need to get out of their silos and share information, collaborating through ISAC organizations or intelligence communities because they want to know when that next version of malware comes out and what it supports," Martin said. 

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.