Previously, carrying out a cyber attack required technical knowledge of technology, software development, networks and especially information security. However, the “as a Service” business model, that is, one that offers a service on a subscription basis (health insurance, insurance, streaming, among others), which has always existed on the dark web, is now being identified more and more frequently on the shallow internet.
According to Banco Bradesco’s information security coordinator, Leandro da Silva Ludwig, cybercriminals are organizing themselves in such a professional manner that even “mission, vision and values” are being established for their criminal “companies”.
“The malicious software industry is so developed that criminals have already created companies with a mission, vision and values; fake call centers; phishing pages identical to the target company”, said Ludwig, this Thursday (16), during Mind The Sec 2021.
Ludwig explains that the idea that cybercriminals are only on the dark web is outdated. “We can see in reports that they are coming out of the deep web (messaging apps like Discord, WhatsApp and Telegram), where they normally negotiated malware rental and cybercriminal tools, and going to the superficial internet”.
Malicious operations that offer cybercriminal services under this business model are increasingly frequent on the shallow internet, that is, the part indexed by Google and other web search engines. “Cybercriminals are setting up virtual stores to rent malware and other cybercriminal services such as ransomware and phishing.”
To reach these conclusions, Ludwig says he investigated some operations in this model. “We opened some command and control centers and identified malicious actors renting malware for various functions such as breaking into bank accounts, mobile apps and others. The ‘customers’ can choose from the various packages of malicious solutions to buy”.
To illustrate the presentation, the expert showed the case of Bruno Dias Sistemas, a company that, of course, has a false name, but that offers several malware packages at varying prices, from the simplest to the most robust package.
“From the research, we found some [Malware Developer], like this Bruno Dias Sistemas, a false name, of course, but it’s what offered a more complete cybercriminal package. His package was able to ‘bypass’ several commercial security controls”.
During the presentation, Ludwig showed a video of a cybercriminal demonstrating a malicious financial transaction, inside a smartphone infected with a Remote Access Trojan (RAT), in which, through the malware drivers, anyone, even without technical knowledge, can perform a malicious download.
“Today, to operate a malicious campaign, you no longer need technical knowledge. You buy a criminal solution and work with it. The sale of Malware as a Service (MaaS) is a very strong market”, concludes Ludwig.