Finjan Identifies the Latest Cybercrime Business Model – Crimeware-as-a-Service
April 2008 by Finjan
Finjan Inc., announced important findings by its Malicious Code Research Center (MCRC) identifying and analyzing the latest trends in the ongoing commercialization of cybercrime.
Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites.
“Currently, we see the rise of the Crimeware-as-a-Service (CaaS) business model in the Crimeware-toolkit market. Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,” said Yuval Ben-Itzhak, CTO of Finjan.
As with mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.
During 2007, Finjan’s MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC shows how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.
“Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions,” Ben-Itzhak said. “Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper “product” localized for it.”
Finjan foresees the next phase in the commercialization process as creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.
Concludes Ben-Itzhak: “The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities.”