The IT Backbone of Cybercrime

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

Marc Wilczek, Digital Strategist & COO, Link11

August 17, 2020


As organizations increasingly adopt digital platforms, criminals are snapping at their heels, slavering to breach those platforms and steal money. The "Global Risks Report 2020," published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. Every year, the world's cybercriminals harvest at least $1.5 trillion in ill-gotten gains — as much as Russia's gross domestic product (GDP). If cybercrime were a country, its GDP would be the 13th largest on Earth.

As anyone who's been paying attention knows, in recent years the market for compromised assets — stolen credit card data and other personal information — has ballooned. To supply this market, cybercriminals use various underground hosting and associated services — including bulletproof hosting, virtual private networks (VPNs), anonymizers, and distributed denial-of-service (DDoS) protection — to run their operations and keep them safe. Among other things, these services protect availability, keep the bad guys anonymous, block forensics, make physical locations hard to find, and enable IP spoofing.

The fact is, cybercrime is a highly developed, sophisticated industry that makes big sales and uses the same marketing techniques and platforms as legal businesses do. Trend Micro found an ad for dedicated, compromised US-based servers with prices ranging from $3 to $6 for guaranteed 12-hour availability. Many such services are flogged on the Dark Web and are invitation-only; others are advertised and sold on well-known (and legal) platforms including Twitter, VK and Telegram.

The Blurry Distinction Between Cybercrime and Legitimate Business
Today, it's becoming hard to discern the difference between online crime and legitimate business. Some hosting providers serve legitimate clientele and sell their services openly on the Internet, but there's no doubt that some of their customers are resellers that deal only with criminals. The hosting company may or may not know this.

The so-called "bulletproof hosters" are typically linked to cybercrime. These are often regular hosting providers that are attempting to broaden their business by homing in on specific customers. The hosts are ready and willing to push the legal envelope for the customers — for a price. However, the potential for prosecution has driven most of this activity onto the Dark Web, where crypto-payments such as Bitcoin make it hard to identify bad actors. Here, in this place where no one trusts anyone, some markets use escrow payments to facilitate risky transactions. Some vendors even offer customer support and money-back guarantees on their services.

Criminals Target Each Other
An October 2019 report by Europol, the European law-enforcement agency, notes that DDoS attacks are among the biggest threats to international commerce. However, law-abiding companies aren't the only ones that suffer. Anyone who spends time checking out Dark Web services knows that many of them typically indicate an "uptime" — that is, the time when they aren't out of action because of a DDoS attack. This just goes to show that dirty tricks happen in every kind of business, legitimate or not. When one Dark Web vendor is targeted and taken offline, its customers have to go someplace else — perhaps, even, to the service that launched the attack.

These clandestine markets are vulnerable to DDoS attacks due to characteristics inherent in the Tor browser, a favorite among Dark Web users. In 2019, the Dark Web's three largest markets — including Dream Market, which was extorted to the tune of $400,000 — were all hit by major and prolonged DDoS attacks.

Tilting at Windmills
Now for a bit of technical geekery. A DDoS botnet requires command-and-control servers, but anyone using domain generation algorithms and similar tools can move their infrastructure faster than legal authorities can pinpoint it and take it out.
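A defender's view of the domain generation algorithm (DGA) tactic just described, as an added example that is not part of the original article: a Python script that scores the domain names in DNS query logs for the random-looking labels such algorithms produce, then groups the hits per querying client. The log format, the sample log lines and the scoring thresholds are all assumptions constructed for this illustration; a real deployment would tune the thresholds against its own traffic and use a public-suffix list instead of the naive second-level-label split used here.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines (not from the article). Assumed format:
# "<timestamp> <client-ip> <query-name> <record-type>"
SAMPLE_DNS_LOG = """\
2020-08-17T10:00:01Z 10.0.0.5 www.example.com A
2020-08-17T10:00:02Z 10.0.0.5 mail.example.org A
2020-08-17T10:00:03Z 10.0.0.7 xk3qz9vb7tlw2j.com A
2020-08-17T10:00:04Z 10.0.0.7 q8wz4rk1hp0xtv.net A
2020-08-17T10:00:05Z 10.0.0.9 cdn.static.example.net A
2020-08-17T10:00:06Z 10.0.0.7 ptrwkzvqxmjhgb.org A
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits per character of a string; random-looking labels score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label, e.g. 'example' for 'cdn.static.example.net'.
    Simplification (assumed): the last label is the TLD; no public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def dga_features(label: str) -> dict:
    """Cheap lexical features that separate dictionary-like from generated labels."""
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label) if label else 0.0
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowel_ratio,
        "digits": sum(ch.isdigit() for ch in label),
    }


def looks_generated(label: str) -> bool:
    """Heuristic thresholds (assumed; tune against your own resolver traffic):
    a long, high-entropy label with few vowels or several digits."""
    f = dga_features(label)
    return (f["length"] >= 10 and f["entropy"] >= 3.5
            and (f["vowel_ratio"] < 0.2 or f["digits"] >= 2))


LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def find_dga_candidates(log_text: str) -> list:
    """Return (client_ip, query_name) pairs whose label looks algorithmically generated."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the pipeline
        _ts, client, qname, _rtype = m.groups()
        if looks_generated(registrable_label(qname)):
            hits.append((client, qname))
    return hits


def clients_by_hit_count(log_text: str) -> dict:
    """Flagged queries per client: one host resolving many such names in a row is
    the pattern worth triaging, since a single odd-looking name is often benign."""
    counts = Counter(client for client, _ in find_dga_candidates(log_text))
    return dict(counts)


if __name__ == "__main__":
    for client, qname in find_dga_candidates(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname}")
    print(clients_by_hit_count(SAMPLE_DNS_LOG))
```

The design point is that infrastructure which rotates faster than a takedown can follow is still visible at the one place a defender controls: the internal resolver. A burst of failed or high-entropy lookups from one client is a detection signal regardless of which domain the botnet is using that day.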

According to Europol, DDoS-for-hire "is a pressing issue, mainly due to how easily accessible it has become." The organization figures that stresser and booter services have made it much easier to get into cybercrime: for a small fee, almost anyone can unleash a DDoS attack with a mouse click, take websites offline, and clog networks with a flood of bogus traffic. The targeted organizations can be brutalized financially and reputationally, and customers lose access to vital services offered by financial institutions, governments, and police forces. The US Department of Homeland Security warns on its website that "over the past five years the scale of attacks has increased tenfold", and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale".

Law enforcement and other groups are trying to prevent DDoS attacks, but they often do so by taking down booter sites (that is, sites that let criminals rent access to a network of hacked or infected computers to launch DDoS attacks). But it's easy for the bad guys to put up new websites and keep on doing bad stuff. Some observers, including those behind this study, say that DDoS takedowns are useless. Even after 15 major DDoS-for-hire outfits were snared in a coordinated action by US and European law enforcement, the volume of DDoS traffic hitting victims didn't budge. In fact — in what may have been a deliberate poke in the eyes of legal crusaders — the number of DDoS-for-hire websites actually increased, the same study concluded.

Time to Boost Cyber Resilience
Cybercrime spreads like wildfire, makes a ton of money for its perpetrators, and is far less likely to land them in jail than, say, bank robbery. In the United States, according to the WEF report, the chances of catching and prosecuting cybercriminal actors are as low as 0.05%.

The bottom line is that companies need to protect themselves against DDoS attacks by being strategic and proactive. As DDoS attacks become easier and less expensive to launch, the number and types of organizations they target are likely to continue to expand. Making matters worse, the growth of the Internet of Things will open up a universe of new and unprotected smart devices, while widespread adoption of 5G will cause the size of attacks to skyrocket far beyond the available internet bandwidth.


About the Author

Marc Wilczek

Digital Strategist & COO, Link11

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across the ICT industry. Before serving as chief operating officer at Link11, he was member of the management board of T-Systems' Computing Services & Solutions (CSS) division. Prior to that, he served as senior vice president, Asia Pacific/Latin America/Middle East & Africa at CompuGroup Medical, and as managing director, Asia Pacific, for Sophos. He is an Alfred P. Sloan Fellow and holds master's degrees from FOM Graduate School for Economics and Management in Frankfurt and London Business School.
