Even cyber criminals have helpdesk services on dark web
With hacking getting easier, both end users and organisations have a responsibility to stay protected
These days, a 13-year-old can initiate a DDoS (Distributed Denial of Service) cyberattack on an online gaming platform if he wants to.
This is the reality of Cybercrime as a Service (CaaS). It is increasingly worrying because of how easy it can be.
A quick search on Google can provide contact information for such cyber criminals - often touting a wide range of services.
Left unchecked, CaaS increases both the volume and complexity of cyber attacks.
New technologies such as cloud computing and the Internet of Things increase the number of entry points for cyber criminals.
With more people storing personal data like credit card details on the cloud, cyber criminals thrive on stealing such information.
Another way cyber criminals can earn their keep is through selling tools for hacking others.
On the dark web, cyber criminals list various hacking tools, along with user manuals that provide a step-by-step guide.
Some of these CaaS providers even provide helpdesk services, highlighting the level of organisation within these communities.
A complete set of hacking tools can cost as little as $125 and can do a wide array of tasks such as hacking Wi-Fi networks and stealing personal information.
Compared with regular crime, cybercrime is low-risk and high-profit. Skilled cyber criminals are able to hide their tracks well and are not easily caught.
As incredible as it may sound, in most countries, hiring a hacker is not illegal.
Corporations or businesses hire hackers to test their cyber defences to find potential loopholes.
They are called "white-hat hackers" or "ethical hackers".
In Singapore, the Government has taken a proactive approach to discovering vulnerabilities and zero-day exploits through a "bug bounty" programme.
Through this programme, hackers are invited to participate in intensive vulnerability testing frameworks.
The contentious nature of the operations makes it difficult for authorities to prove malicious intent.
On an international level, there is also no unified law that can indict cyber criminals who commit transnational crime.
This means that cyber criminals who are caught can possibly get away scot-free.
Even in cases where cybercrime is prosecutable, what is illegal in one country might not necessarily be illegal in another.
The lack of a unified law makes it incredibly hard to prosecute cyber criminals who launch cross-border cyber attacks.
CaaS can be executed at large and small scales.
We all have a responsibility in building our personal resilience against cybercrime.
Basic steps that provide home users with a measured level of cyber security include:
- Installing security updates
- Using complex passwords (and two-factor authentication options when available)
- Not sharing passwords across different accounts
- Conducting regular anti-virus scans
- Avoiding dubious links and suspected phishing sites
Organisations also have a responsibility to protect the end user.
Internet service providers can take a proactive role in cyber security by employing simple machine learning to alert them to any suspicious activity and deal with it before it spreads through the network.
Governments can invest in cyber security talents. With a bigger talent pool, better cyber defences can be developed.
Laws are part of the equation for increasing cyber resilience.
Having global unified accords will play a vital role in helping to combat cybercrime.
If cybercrime becomes riskier and less lucrative, it will not be as attractive to criminals.
The writer is a senior research fellow at ESET, an IT security company that provides antivirus and Internet security solutions for homes and businesses.