View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 21, 2015

How malware is building hacking corporations

The development of malware as a service is giving security firms, and the businesses they protect, an even harder battle.

By Charlotte Henry

The world of hacking and malware is always expanding and updating. Security practioners are in a never ending battle to keep up to date with the latest attacks, and close up newly discovered vulnerabilities.

Far from the cliched image of unwashed hackers cooped up in their basements, malware makers are becoming sleek corporations. Attacks nowadays require a variety of sophsticated developers and designers, in the same way that large, legitimate businesses do.

Catalin Cosoi, ?Chief security strategist at security firm Bitdefender explains:"We’ve seen malware makers organise into "cells" or "groups" that offer their services to the highest bidder. The underground market is filled with malware development teams, offering to develop custom malware for targeted attacks."

"Just as companies or corporations invest time and effort in offering products to customers that are tailored for their needs, malware development groups offer their services in pretty much the same way," he adds.

Jim Gumbley, a security expert at IT consultancy ThoughtWorks, agrees. "The evidence is that attackers are increasingly able to buy technical attack capability on secondary markets," he told CBR.

We are in the age of malware as a service, with attacks and viruses being sold, and built, to order.

Gumbley cites the example of "Big Bang Booter" which can bombard a website with traffic to bring it down, and can be bought with Bitcon. "Although almost certainly illegal in most territories," he said, "the service was offered for sale with a slick marketing video and even offered technical support."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

These professionally marketed kits are helping mere novices carry out quite sophisticated attacks, which can easily be recycled. The Websense Security Labs 2015 report found that in 2014, 99.3% of malicious files used a Command and Control URL that has been used by one or more other malware samples before, and 98.2% of malware authors used a command and control that was found in five other types of malware,

It is a trend that businesses across various industries need to be aware of, says Gumbley:

"The outcomes for businesses could be chaotic as the market develops. Packaging attacks as a service means that the people with the intent to carry out an attack need less technical capability."

No surprise then that mobile malware increased three fold in the second quarter of this year, with valuable industries like finance a key target.

As data becomes increasingly valuable, the price for those who can capture it, and the tools they build, increases too.

"One of the reasons why the industrialisation of cybercrime is growing is that the demand for custom malware has been increasing, as the value of stolen private and confidential data has become highly sought after," says Casoi.

Malware as a service is then the latest development in bussineses’ battle against cybercrime, and it’s not going away any time soon.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.