Ransomware operators have adopted best business practices, from bug bounties to career pages, from a subscription model to opportunities for entry-level newcomers.
The cyberthreat landscape has reached a new level of commercialization and convenience for attackers, cybersecurity company Sophos claims in its 2023 Threat Report.
Nearly all barriers to entering cybercrime have disappeared, since cybercrime now functions as an as-a-service business.
According to Sean Gallagher, principal threat researcher at Sophos, criminal marketplaces like Genesis are invaluable to crooks for trading malware, scamming, phishing kits, credentials, and other data in bulk.
Criminals are now trading tools that, not long ago, only highly sophisticated threat actors could get their hands on.
“For example, this past year, we saw advertisements for OPSEC-as-a-service where the sellers offered to help attackers hide Cobalt Strike infections, and we saw scanning-as-a-service, which gives buyers access to legitimate commercial tools like Metasploit, so that they can find and then exploit vulnerabilities,” Gallagher said.
Attackers with any skill level find it easy to enter the cybercriminal world. Recent research by Arkose Labs showed that fraud “employment” outpaced cybersecurity jobs and estimated there were at least 15 million fraudsters at large, jumping on any possible opportunity to lure victims into a trap.
Rookie fraudsters with minimal skills “earn” at least $20,000, while master criminals “earn” up to $600,000.
Cybercriminals are trading their tools and services and posting job listings to recruit attackers with distinct skills, and some marketplaces have dedicated “career” pages.
“As ransomware became hugely profitable, ransomware operators looked for ways to scale their productions. So, they began outsourcing parts of their operations, creating an entire infrastructure to support ransomware. Now, other cybercriminals have taken a cue from the success of this infrastructure and are following suit,” said Gallagher.
Ransomware operators have advanced significantly, expanding their potential attack surface by targeting platforms other than Windows and adopting new languages like Rust and Go to avoid detection.
Some gangs, like Lockbit 3.0, have been innovative and creative in finding new ways to extort victims.
“Lockbit 3.0 is now offering bug bounty programs for its malware and ‘crowd-sourcing’ ideas to improve its operations from the criminal community. Other groups have moved to a ‘subscription model’ for access to their leak data, and others are auctioning it off. Ransomware has become, first and foremost, a business,” Gallagher concluded.