Just like other industries have adopted the "as-a-Service" model, hackers are doing the same by selling easy access to tools, instructions, target lists, and hackers for hire, creating an online platform for cybercriminals. The concept of Hacking-as-a-Service has created a 'pay to play' environment allowing amateurs to quickly develop attacks that are far beyond their skill level. This lowers the hacker barrier of entry, meaning cybercriminals only need basic skills to launch common attacks, including phishing, DDoS, and targeted hackers for hire. It also increases the rate at which threat actors can launch attacks, meaning companies need to defend against more hackers, who are launching attacks at a higher volume.
In this post, we’ll share examples of hacking services we found posted on dark web forums and discuss what steps organizations should take to protect themselves from this growing trend.
Phishing as a Service
Pulling off a successful phishing attack used to require a skilled blend of technical knowledge and social engineering to create a legitimate-looking campaign. Today, much of the hard work can be bought online, bundled into “phishing kits” which are software packages that streamline the process of copying a site design and uploading it to another web server as a phishing site. This can include:
- Fake Domain: preferably deceptively similar to a known legitimate site
- Fake Login Page: preferably one that resembles the original
- SMTP Server: one of several methods to send a large amount of spam (In all of these methods it is difficult to determine the original attacker)
- Bulk Mailer Software
- Leads: lists of target email addresses
These Phishing Kits don’t just enable hackers to run their own phishing campaign, but enables them to run them quickly in an effort to avoid detection. When in the past, phishing websites might be live for days to weeks, today they can be live for only a few hours.
The image to the right is an example of a black market post offering a phishing kit with tutorials for setting up a fake webpage.
DDoS as a Service
Distributed Denial of Service attacks can shutdown online services by flooding the network with traffic from a large number of devices. As seen in the video below, attackers can now purchase DDoS packages on the dark web with enough traffic to overwhelm a service.
Hackers for Hire
For hackers who can’t find a service that sells the attack they are looking for, or are planning a job too big for one person to do alone, there are hackers for hire who lend their expertise for a price. If an attacker can think it, there is a hacker who is willing to do it. See the video below for a Hacker for Hire post found on a dark web forum.
The Hacking-as-a-Service market is thriving and continuing to add new services. The ability for novice hackers to quickly launch advanced attacks has increased the number of threats that companies must deal with.
So, what should you be doing to combat these threats?
- Dark Web Monitoring: Sometimes, you must go behind enemy lines to get good intelligence. Make sure you have a process in place to search through dark web black markets, pastebins, and chat rooms looking for insider threats, hackers for hire, chatter etc. This will help you identify attacks proactively.
- Phishing Domain Monitoring: New phishing websites are constantly being created. Develop a process for identifying new phishing domains and potential attacks so you can block the domain with your security devices and initiate takedown requests with the registrar. This will help you be proactive rather than reactive in defending against phishing.
- Social Media Monitoring: Cybercriminals often imitate brands online to fool unknowing customers and phish information from them. Fake company pages on popular social media sites are one of the most effective ways to do so, so make sure you can identify and takedown these pages before they fool your customers.
Blog: How Cybercriminals use Pinterest to Run Fraud Scams
eBook: Dark Web Black Market Glossary
Research Report: The Dark Side of Asia