The development of malware as a service is giving security firms, and the businesses they protect, an even harder battle.
The world of hacking and malware is always expanding and updating. Security practioners are in a never ending battle to keep up to date with the latest attacks, and close up newly discovered vulnerabilities.
Far from the cliched image of unwashed hackers cooped up in their basements, malware makers are becoming sleek corporations. Attacks nowadays require a variety of sophsticated developers and designers, in the same way that large, legitimate businesses do.
Catalin Cosoi, ?Chief security strategist at security firm Bitdefender explains:"We’ve seen malware makers organise into "cells" or "groups" that offer their services to the highest bidder. The underground market is filled with malware development teams, offering to develop custom malware for targeted attacks."
"Just as companies or corporations invest time and effort in offering products to customers that are tailored for their needs, malware development groups offer their services in pretty much the same way," he adds.
Jim Gumbley, a security expert at IT consultancy ThoughtWorks, agrees. "The evidence is that attackers are increasingly able to buy technical attack capability on secondary markets," he told CBR.
We are in the age of malware as a service, with attacks and viruses being sold, and built, to order.
Gumbley cites the example of "Big Bang Booter" which can bombard a website with traffic to bring it down, and can be bought with Bitcon. "Although almost certainly illegal in most territories," he said, "the service was offered for sale with a slick marketing video and even offered technical support."
These professionally marketed kits are helping mere novices carry out quite sophisticated attacks, which can easily be recycled. The Websense Security Labs 2015 report found that in 2014, 99.3% of malicious files used a Command and Control URL that has been used by one or more other malware samples before, and 98.2% of malware authors used a command and control that was found in five other types of malware,
It is a trend that businesses across various industries need to be aware of, says Gumbley:
"The outcomes for businesses could be chaotic as the market develops. Packaging attacks as a service means that the people with the intent to carry out an attack need less technical capability."
No surprise then that mobile malware increased three fold in the second quarter of this year, with valuable industries like finance a key target.
As data becomes increasingly valuable, the price for those who can capture it, and the tools they build, increases too.
"One of the reasons why the industrialisation of cybercrime is growing is that the demand for custom malware has been increasing, as the value of stolen private and confidential data has become highly sought after," says Casoi.
Malware as a service is then the latest development in bussineses’ battle against cybercrime, and it’s not going away any time soon.