Protect yourself during the rise of Crimeware-as-a-Service is on the rise
By Andrew Newman
Cybercrime is on the rise across the world. From a recent increase in malicious web extensions (particularly in the U.S.) to the continuation of dangerous phishing and malware attacks, cybercriminals show little signs of slowing down—in part due to the rapidly growing market of Crimeware-as-a-Service (CaaS).
Also known as Malware-as-a-Service or Cybercrime-as-a-Service, these terms refer to the evolving and highly lucrative practice of providing cyber products and services to other criminals on the dark web. Instead of having to develop the technical skills and expertise to facilitate large-scale attacks, CaaS allows virtually anyone to buy or rent software capable of delivering dangerous spyware in a matter of minutes.
For instance, cybercriminals can now buy phishing kits—which trick users into opening links or visiting harmful sites that then infect their computers—for as little as $40. For larger scale attacks, harmful malware is also widely accessible on the dark web. One well-known and commonly-sold malware with recent high usage is the Eternity Stealer, an infostealer available for just $260 a year, capable of extracting usernames, emails, and credit card numbers.
With new CaaS products emerging daily, the rise of this criminal ecosystem puts consumer safety and privacy at dire risk. From online shopping and social media to working and learning from home, users are sharing more on the internet than ever before, and the CaaS marketplace makes this data increasingly vulnerable to cyberattacks. Competition within the marketplace itself will also likely heighten demand for new and more advanced spyware, resulting in the proliferation of next-generation threats that even the most savvy consumer has trouble detecting.
What’s more, while corporations have invested heavily to improve their cybersecurity practices, the average household has not, making them prime targets for the influx of bad actors that CaaS enables. Consumers sitting at home browsing the web on their computer or phone may not feel like a top priority for cybercriminals, but the reality is that they are considerably easier and weaker links. Especially with the continuation of remote work, many cybercriminals have doubled down on their consumer attacks, seeing home networks as a perfect window to gain access into far more secure corporate networks.
And though the CaaS marketplace is gaining traction in the cybercrime world in traditional areas, we expect market growth in coming years, particularly around new and developing platforms such as cryptocurrency and the metaverse. We can proactively work to limit the damage it inflicts by pushing for increased cyber education and cyber awareness, teaching adult users how to recognize common threats like phishing, and educating the next generation on how to stay safe across all of their devices from a young age.
The next step is deploying the same quality of cybersecurity tools that corporations use across home networks. Consumers have never been more vulnerable to cybercrime and it’s time they invest in the protections necessary to ward off future attacks before they become victims, including three vital components:
Endpoint protection systems
The best way for home users to protect themselves from next-generation cyber threats is through the use of endpoint protection. These systems are designed to secure the endpoints of user devices, which serve to communicate with other devices and end users over a network, and are often used as entry points by hackers.
While traditionally thought of as an enterprise-only resource, endpoint security tools are a growing necessity for consumers—especially as so many hackers attempt to gain access to corporations through home networks.
Domain name system (DNS) filtering
The domain name system (DNS) translates a website’s domain name into the IP address that computers use to load a webpage. By using a DNS filter, which is easily accessible online, consumers can block suspicious URLs, prevent hackers from monitoring their activity, and filter out explicit content, leading to a more secure and carefree browsing experience overall.
Virtual private networks (VPN)
No matter where or how consumers are accessing the internet, whether at home or using a public Wi-Fi network, their activity is visible to the internet service provider (ISP), search engines, government agencies, and any sites they may visit. This is even true when using a private mode on browsers, as the IP address of the user’s device still remains visible.
The only true way to protect anonymity online is through the use of a VPN, which uses encryption technology to conceal users’ identities online. Simple to install and easy to use, VPNs allow consumers to browse confidentially, as well as bypass geo-blocks and access content from all over the world.
As long as consumers fail to invest in greater cyber awareness and tools, the CaaS marketplace will continue to grow. However, we don’t all have to become victims. Let’s halt this narrative and use this moment as a catalyst to double down on home user cyber education and protections, and make the internet a safer and more enjoyable place for all.
Andrew Newman is the founder and CTO of ReasonLabs.
(11)