Hacking is now so easy that hackers don’t even have to be technically sophisticated, with hacking skills and knowledge, or deal with the technical challenges of running their own crimeware. Instead, they can just buy a hacking service that does most of the hacking work for them, enabling them to automate hacking online and gain access to sophisticated networks easily. Obviously, Crime-as-a-Service (CaaS) offerings are contributing to the increasing volume and sophistication of cybercrime and to the increasing difficulty of tracking malicious hackers. The victims are not only the targets under attack, but also the attackers themselves, the customers of the CaaS offerings. For example, a newly discovered crimeware service is using Facebook hacking tools hosted on Google Drive. It requires users/customers to provide their Facebook login credentials before they can hack other accounts. It steals aspiring hackers’ account information and tricks them into believing that they can hack into other accounts. This crimeware service makes money by selling stolen account information in the underground market. This also puts enterprise user accounts at risk. Hackers can steal business users’ credentials and develop a botnet for stealing a company’s intellectual property, damaging software or conducting other future attacks, while it is hard to trace back and find the real attackers. They can also make money by selling the credentials to the highest bidder. Therefore, to prevent this kind of attack, IT managers are advised to prevent employees from using business accounts for personal use, opening suspicious links or downloading unauthorized files, and to ensure a fast response to attacks.
This article made me think about the security of social media sites, like Facebook, Twitter and LinkedIn. As the most trusted communication channels for most people, many social media sites cannot even secure their own environment. This makes social networks a hotbed of CaaS and other cybercrime that allows hackers to manipulate users and develop botnets easily. It is weaponized, and makes hacking more effective and less trackable. To companies, social media attacks are not only about reputation damage; they also lead to big data breaches. According to research, an eighth of companies suffered a security breach due to social media-related cyber attacks. However, companies can hardly prevent employees from using social networks because they have become part of our lives. Instead, companies should identify their social assets, develop an effective social media security plan, educate employees, and always be prepared for social media attacks.
Wade Mackey says
As you will hear from me as we progress through the course, this is often the case. Anonymous is a good example; they generally do not actually attack anyone. They talk it up and get unsuspecting dupes to launch attacks. The dupes then get busted.
Wade
Noah J Berson says
There used to be a hard rule that you don’t enter your username and password in any location but the site intended. Now, with Facebook, Google, and Twitter trying to be single sign-on services for the entire internet, the average user is signing into other sites with a friendly button that says, for example, “Sign in with Facebook!” This is supposed to open a secure window, but an easy trick would be to fake the first pop-up, collect the info, say there was an error, please try again, and then pop up the real window. For this site, the users don’t even have anyone to turn to, since they can’t say they were hacked when trying to hack other people.