One of the biggest public relations nightmares a company can face is the theft of customer data for the purposes of fraud. This is especially true when the company is operating in a heavily regulated industry such as healthcare, insurance, or finance.
We have seen what widely publicized incidents can do to a company's reputation, shareholder value, and customer confidence. These incidents can also generate additional regulatory scrutiny. All of these impacts can shorten, and have shortened, the careers of CEOs; Sony and Target are good examples.
Fraud-as-a-service (FaaS) has matured to the point of diversification and specialization. In the arena of cybercrime, groups have moved into areas of specialization, with those at the top of the food chain acting as general contractors. According to Daniel Cohen, of the Online Threats Managed Services group at RSA:
As with any free market, suppliers and vendors must innovate to keep up with the needs of their customers. The dark market is no different. "Fraud-as-a-service" based offerings have become so commonplace, with everything from DDoS attacks and botnet rentals to stolen payment cards, healthcare records, and social media accounts for sale in just a single click. And with the increasing demand and competition in the deep web, some cybercriminals are making customer service guarantees a key differentiator for their services with try-before-you-buy options and returns for "faulty" merchandise such as bad payment cards.
The demise of Carder Planet, Dark Market, and Silk Road I and II only represented a bump in the road, momentarily influencing the underground economy, but not stopping it. Like the mythical hydra, when the head is cut off, two grow to replace it. More recently, an 18-month-long investigation dubbed Operation Shrouded Horizon, led by the FBI, took down a site called Darkode. Members were accused of money laundering, conspiring to commit computer fraud, and wire fraud. A new iteration of the site was launched two weeks after the announcement of the arrests and indictments. Raj Samani, chief technology officer, EMEA, Intel Security, believes:
The as-a-service nature of cybercrime tools, products and services is one of the main drivers behind the exponential rise in attacks, combining this with a perverse set of incentives where returns are high, and the risk is lower than physical crime, it represents a major challenge for society in stemming the tide. What has been particularly noticeable is how fluid this economy has become, whilst the introduction of new services is no surprise, the sheer breadth of available data for sale is simply remarkable. With everything from PII, but also criminals selling direct access into compromised organisations.