Say hello to a new cybercrime business model: CAAS

24 апреля 2008

Finjan, the business web security specialist, has uncovered a new cybercrime business trend: crimeware-as-a-service or CAAS for short.

Revealed in the company's Q1 security trends report and researched by its Malicious Code Research Centre (MCRC), Finjan says that criminals have started to use online cybercrime services, rather than go the trouble of operating their own crimeware servers, installing crimeware toolkits or compromising legitimate web sites.

Yuval Ben-Itzhak, Finjan's CTO, said that his research team is witnessing a rise in the CAAS model in the crimeware-toolkit market-place.

"Cybercriminals and criminal organisations are getting better and better at protecting themselves from law enforcement by using the crimeware services," he said.

This is particularly important, he added, as the operator does not necessarily conduct the criminal activities related to the data that is being compromised, but merely provides the infrastructure for it.

What's interesting about CAAS is that, like the mainstream - and legitimate - providers, the creators and owners of the crimeware toolkits are offering their customers access to updates, whilst at the same time equipping them with anti-forensic attach techniques.

In addition, says Finjan, the owners of the crimeware toolkits are giving customers the ability to manage and monitor malicious code affiliation networks.

This, the company claims, enables a new level of crimeware availability by supplying anyone willing to purchase an easy-to-use crimeware toolkit.

In its Q1 2008 security trends report, Finjan's MCRC claims to show how the delivery and distribution of malware have been upgraded to deliver different types of malware to different geographical regions.

Ben-Itzhak said his team's report shows how the new breed of criminals are using mainstream sales and marketing techniques to meet the needs of the cybercrime economy and ensure that each market gets the most optimal localised cybercrime product.

As if this trend wasn't bad enough, Finjan predicts that criminals will develop the next phase in their CAAS plans: providing the victim data tailored to the criminal intent.

Using this approach, Finjan says, will avoid the need for attackers logging in to manage an attacker profile on a crimeware-toolkit platform.

Источник: infosecurity magazine

