The ease of access to dangerous malware has become significantly easier with gangs of cyber criminals selling access to “do it yourself” malware platforms. To start these gangs will infect millions of computers around the globe with their own custom malware. Then in a sinister move they will then sell the infected users to other criminals who want to extort financial details from the infected computers.
Criminals are now able to buy access to compromised Irish computers for as little as $0.10 per computer. In an update issued to its customers, Irish IT security firm Smarttech.ie have reported that a price war has broken out amongst cyber criminals. In the USA, this has resulted in the cost of a hacked computer falling by nearly 50% since the start of 2014.
Ronan Murphy, CEO of Irish IT security firm Smarttech.ie has warned “For the criminal gangs around the world who want to launch a cyber-attack, it is a buyers’ market. Initially they may not have had the skills to build and deploy the malware services themselves but with this new user friendly model they can buy it off the shelf. Also the appetite for this service is huge and competition has seen prices fall by 50% since the start of the year. In the USA, cyber criminals will now sell a list of 10,000 computers that have been deliberately infected with a customised virus, for only $1,000 in total or $0.10 per computer. We see evidence on a daily basis of Irish customers who have also fallen prey to these global botnets.”
In the new Malware as a Service (MaaS) industry, cyber criminals are able to access the same kind of professional services that are normally associated with the legitimate Software as a Service industry. The scale of the cybercrime operations and the number of new entrants in the MaaS market has resulted in “Malware” as an industry going mainstream, with cyber criminals offering extremely high levels of customer care.
Ronan Murphy said that “The MaaS market is a scary prospect because it allows non technical criminals to branch out into an area where they have no experience. Criminals are able to access all the professional customer care services like 24 hours web chat, quality assurance and all the other necessary support services. For criminals, they are able to order customised viruses which are geo-specific making Irish owned computers a legitimate target for cyber criminals.”
While the commodity being sold by cyber criminals are computers infected with malware, it is what the malware does which matters. A large percentage of the Malware is designed to steal the finical information such as online banking or credit card credentials. If these are non forth coming then the malware will generally encrypt the computer and demand a ransom for decryption.