The thriving and easily accessible black market for nefarious security products and services means that protecting your business is that much harder. Eric Geier details the growing threat.
In the earlier days of computers, virus writers and hackers were viewed as fame-seeking and adrenaline-hungry teens with nothing better to do. But as PC usage and the Internet grew, the amount of potential victims grew exponentially and money became the hacker's greatest motivator; spawning a whole new cyber-lexicon that now includes the term criminal. Because of this, hacking and creating malware can be done by just about anyone that’s willing to venture down to the black market with a fist full of cash.
This money-making opportunity has created an entire cyber crime ecosystem of goods and services. There are a plethora of malware do-it-yourself (DIY) kits; malware development organizations and hackers-for-hire -- many located in countries where these activities are not illegal and/or tolerated.
There are also numerous other associated services out there that are required to carry out a large successful attack such as malware quality assurance (QA) (yes, it's true), distribution, and search engine optimization (SEO). All these goods and services can come together to make a cookie-cutter process for the attack originator while also making it nearly impossible to catch them due to all the third-party providers involved.
Understanding this black hat hacking and the processes can help you better realize what you’re up against when in IT security field.
Attacks and scam
There are numerous attacks and scams that almost anyone can pull off when utilizing the numerous underground resources. Here are just a few examples:
- Installing fake look-a-like antivirus software on PCs that fools users into thinking they have viruses and asking for payment to remove them; often called scareware (even Apple is not immune to this one).
- Installing key loggers on PCs to capture usernames and passwords for websites. These sites may include banks or online gambling sites where they could transfer money out of and email accounts or social networks to help spread malicious links or programs.
- Installing malware that looks for and steals specific files for select programs like money management software to obtain sensitive financial details.
- Accessing a particular website or server so many times it brings it down; performing what’s known as distributed denial of service (DDoS) attack, which may be done to aid in the process of hacking or just to wreak havoc.
- Accessing a particular website over and over to increase ad revenues, for instance with pay-per-click campaigns.
- Installing a proxy program onto someone else’s PC, so they can remotely use their Internet access to perform attacks or do illegal file transfers.
Read the rest about hiring hackers and buying malware at eSecurity Planet.