Crimeware-as-a-Service: A Threat Now More than Ever

It wasn’t long ago that crimeware-as-a-service (CaaS) was a new buzzword that made its way across the Internet detailing the next generation of security threats to computer users and corporate networks around the world. Unfortunately, CaaS is now an even bigger threat.

As malware has evolved and cloud computing has become the latest social and business platform, scammers and cybercriminals have moved away from developing malware for notoriety's sake to building online cybercrime services that are designed to support the needs of other cybercriminals, as well as attract new recruits and affiliates. Rather than going through all the effort of developing, hosting and deploying the malware, the criminals are developing toolkits that allow others to perpetrate the crimes, further hiding their operations from detection by law enforcement. Essentially, everything that a criminal would need for cybercrime is now available for purchase.

So what has changed the last couple of years to make CaaS an even bigger threat?

The biggest thing that has changed is that technology has improved, allowing criminals to be more targeted with their threats. As we have seen in the last 6-8 months, traditional email filtering solutions and anti-virus engines are having trouble stopping the sophisticated campaigns that look and feel like big-brand messages and contain content that reads like legitimate email. We have seen the emergence of plug-and-play (PNP) malware, which requires only a single click for malware to infect a computer. We have monitored multiple variations of this type of malware, each using a variety of techniques to target users and slip through corporate security systems undetected.

Plug-and-play is one of many delivery vehicles used by cybercriminals to distribute malware. The PNP architecture is a game changer because criminals can simply chain on exploits as they become available without needing to modify their spam campaigns in any way. Examples of malware and exploits that we have stopped include signature-distinct executables, Windows Help Center vulnerability, obfuscated JavaScript, PDF vulnerabilities and fake A/V tools and Adobe executables.

We have also seen compromised accounts on eBay and other big brands acting as sources for malware and for zombies to acquire spam templates used in malware campaigns. As was mentioned in an earlier post, the styles of the new wave of threats are “far too varied, detailed and idiomatic to have been generated by spammers.” In other words, the people and/or tools perpetrating the malware campaigns are more sophisticated than we have seen in the past.

With the toolkits available and the infrastructure in place, these types of attacks are likely to increase in volume and complexity. Going forward, CaaS providers will continue to provide updates to their toolkits, providing users with increasingly more advanced techniques for compromising computers and networks and new ways to monitor their effectiveness. The CaaS business is not unlike traditional software providers, and the motivation is not unlike a traditional business. Money is driving the commercialization of new CaaS techniques and technologies. As a result, development of the toolkits and online services will continue in an effort to improve performance for the cybercriminals.

As ugly a picture as this presents, companies can protect themselves by taking a more aggressive approach to email security. Relying on end users to serve as a filter and giving them the ability to establish their own personal filtering policies weakens the existing security infrastructure as a whole. Security needs to be dynamic and must be able to react quickly to changes in user behavior and the evolving threat landscape. While CaaS may be the next big thing, even today it doesn’t necessarily have to impact your business. The big question is, “Will it?”
