
Secplicity - Security Simplified

Powered by WatchGuard Technologies

How to Defeat Malicious Everything as-a-Service

October 10, 2018 By Sylvain LeJeune


In the sharing & collaborative economy we live in, we are witnessing two major trends at play.

First, an increasing number of people are getting online. Recent statistics suggest that 4 billion people around the world are now using the internet (this is half of the world’s population): https://wearesocial.com/blog/2018/01/global-digital-report-2018

Second, the consumerization of IT. Business leaders and lines of business are increasingly consuming IT services from their own IT department, or directly from public cloud service providers without going through IT (a trend called “Shadow IT”), on a pay-as-you-consume/PAYG (Pay-as-you-Go) basis. This IT-as-a-service framework has a few fundamental attributes:

  • Standardization
  • Automation
  • The availability of a catalog of services (the “service menu”)
  • Orchestration
  • A business and charging model based on consumption/PAYG
  • Self-service capability

We are now living in a demand-driven model, versus the old supply-driven model, which was focused on the available legacy technology and its constraints.

The winners in today’s super competitive markets are those that can out-think and out-maneuver their competition. They do so by leveraging a self-service-based operating model based on a high degree of standardization and automation, increasingly with a consumption-based business model (PAYG).

As a result, tech is increasingly present in every single revenue stream.

And bad actors have followed suit. They are leveraging the aforementioned trends to pocket large financial benefits. They are making malicious code and attacks available to the masses as “kits” which can be consumed as-a-service off of service menus built on highly automated and scalable architectures. Add all the stolen data to the mix and you have a very powerful (and daunting) value proposition.

It is now very easy, cost-effective and fast for malicious actors to alter a file so that its hash changes, creating new malware variants that evade hash-based signatures. Hence the massive amounts of malicious code out there. More on this later.

Examples of “Malicious Everything as-a-Service” abound

Phishing attacks. There are now phishing kits available for sale. They comprise phishing website resources and tools that need only be installed on a server. Once installed, all the fraud actor needs to do is send out emails to potential victims. Email addresses of potential victims are available on the deep web – just like phishing kits.

Ransomware-as-a-Service, or RaaS, refers to ransomware distribution kits sold on the dark web for a few hundred dollars that allow malicious users with little technical skill to attack relatively easily. Some of these kits allow fraud actors to create their very own customized version of a given ransomware, e.g., Satan, with a “profit-sharing” business model (e.g., the RaaS developer takes a 30% cut of any payments made by victims, and the attacker pockets 70%).

DDoS attack tools are also easily available. A simple web search reveals a significant number of booter and stresser services openly advertised which give unskilled individuals the ability to launch significant DDoS attacks. 2016 marked a turning point with the Mirai malware, which triggered DDoS attacks originating from botnets of compromised Internet of Things (IoT) devices. A series of devastating attacks from the Mirai botnet struck a number of high-profile targets. Variations of the Mirai malware are still active today. More details at https://en.wikipedia.org/wiki/Mirai_(malware)

One of the most active services for launching distributed denial-of-service (DDoS) attacks, WebStresser.org, was taken down in April 2018. The service had more than 136,000 registered users, and it is estimated to have contributed to millions of attacks over a three-year period. All of this for a mere 15 euros/month, which let users carry out devastating attacks.

In all three aforementioned examples (phishing kits, RaaS and DDoS attack tools), the business model, automation, standardization, service menu and self-service capability are five attributes which closely align with IT-as-a-Service and the collaborative economy we mentioned earlier.

An avalanche of malware, compromised URLs, DDOS attacks

The phenomenon of “Malicious Everything as-a-Service” and the rapid growth in the volume of available highly standardized kits have led to a deluge of malware, cryptomining software, compromised URLs, DDoS attacks (in the wake of Mirai), etc.

As briefly mentioned earlier, it is easy and fast to create new malware or mutate* existing malware to evade detection. Today’s malware threats are far more advanced and prolific than ever before. Modern malware creation is automated. As a result, it requires very little effort for attackers to mutate a piece of malware.

*Mutating malware is the process of changing existing malicious software without altering its functionality. This is often achieved by altering bytes in the file so that its hash changes while the code still does the same thing. Mutation allows malware to evade signature-based anti-malware solutions such as traditional antivirus, which match on exact file hashes.

The case for man and machine working together

The rapidly increasing volume of advanced, evasive cyber threats creates an urgent need for traditional human involvement in addressing IT threats (through the provision of signatures, white-listing, black-listing, heuristics, etc.) to be augmented by the capabilities of artificial intelligence. In particular, machine learning and deep learning models can deal with vast data sets at a scale that humans simply cannot match.

Machines and algorithms bring automation, quicker response times, reduced error rates and pre-execution capabilities to the table. It is all about processing and analyzing large amounts of relevant data, and scale.

Human analysts add insight at two critical levels. First, once the AI models have sorted through the data, analysts take over and investigate suspicious patterns of activity to confirm whether they are actual attacks or false positives.

Second, that human analysis feeds back into the machine learning models (e.g., by adding another layer of security, or by continuously sorting and adjusting a mix of supervised and unsupervised machine-learning models) to improve pre-execution outcomes and future predictions.
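To make the two points concrete, here is an added example (not code from the original post or from WatchGuard) covering both the mutation footnote above and the human-in-the-loop feedback just described. All samples are constructed stand-in byte strings, not real malware: a “known bad” blob, the same blob with padding appended (identical behaviour, different hash), and a benign document. The pipeline first tries exact-hash signatures, which the padded variant evades; it then falls back to a crude content-similarity score (Jaccard over byte 4-grams, standing in for the richer features a real ML model would use) and queues anything above a threshold for an analyst, whose verdict is fed back as a new signature and reference sample, or as an allowlist entry for a confirmed false positive. The class and threshold names are this example’s own.

```python
import hashlib

# --- Constructed fixtures (harmless stand-ins, not real malware) --------------
# A blob a vendor has already fingerprinted as malicious.
KNOWN_BAD = (b"MZ\x90\x00"
             + b"payload-routine:connect;download;execute" * 4
             + b"\x00" * 16)
# The same blob with 32 junk bytes appended: same functionality, new hash.
MUTATED_VARIANT = KNOWN_BAD + b"\xCC" * 32
# An ordinary document that must never be flagged.
BENIGN = b"Quarterly report: revenue grew 4% while expenses were flat."


def sha256_hex(data: bytes) -> str:
    """Exact-match fingerprint used by traditional signature lookups."""
    return hashlib.sha256(data).hexdigest()


def byte_ngrams(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows: a crude structural feature."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two n-gram sets (1.0 = identical content).
    Padding or a few changed bytes barely move this, unlike a hash."""
    fa, fb = byte_ngrams(a, n), byte_ngrams(b, n)
    union = fa | fb
    return len(fa & fb) / len(union) if union else 0.0


class TriagePipeline:
    """Machine side: hash signatures plus similarity scoring.
    Human side: analyst verdicts that retrain the machine side."""

    def __init__(self, reference_samples, threshold: float = 0.6):
        self.signatures = {sha256_hex(s) for s in reference_samples}
        self.references = list(reference_samples)  # known-bad corpus
        self.allowlist = set()                     # confirmed false positives
        self.threshold = threshold
        self.queue = []                            # awaiting an analyst

    def score(self, data: bytes) -> float:
        """Highest similarity to any known-bad reference sample."""
        return max(similarity(data, ref) for ref in self.references)

    def classify(self, data: bytes) -> str:
        h = sha256_hex(data)
        if h in self.allowlist:
            return "clean"          # analyst already cleared this exact file
        if h in self.signatures:
            return "known-bad"      # exact signature hit
        if self.score(data) >= self.threshold:
            self.queue.append(data) # machine cannot decide: escalate to human
            return "suspicious"
        return "clean"

    def analyst_verdict(self, data: bytes, is_malicious: bool) -> None:
        """Human feedback loop: the verdict becomes training data."""
        if data in self.queue:
            self.queue.remove(data)
        h = sha256_hex(data)
        if is_malicious:
            self.signatures.add(h)         # next time it is an instant hit
            self.references.append(data)   # and it sharpens similarity scoring
        else:
            self.allowlist.add(h)          # do not re-queue a known false positive


if __name__ == "__main__":
    pipeline = TriagePipeline([KNOWN_BAD])
    for name, sample in (("known", KNOWN_BAD),
                         ("mutated", MUTATED_VARIANT),
                         ("benign", BENIGN)):
        hit = sha256_hex(sample) in pipeline.signatures
        print(f"{name:8s} hash-hit={hit} sim={pipeline.score(sample):.2f} "
              f"-> {pipeline.classify(sample)}")
    # Analyst confirms the queued variant; it now matches by signature.
    pipeline.analyst_verdict(MUTATED_VARIANT, is_malicious=True)
    print("after verdict:", pipeline.classify(MUTATED_VARIANT))
```

The takeaway is in the middle row of the printed table: the padded variant misses the hash lookup entirely yet scores above 0.9 on content similarity, which is exactly the gap the article says machine models close, and the verdict step is the feedback loop that turns one analyst decision into a signature for every future copy.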

This is the power of man and machine working together to address the increasingly automated, standardized production of “Malicious Everything” delivered as-a-service to wannabe hackers who are flooding businesses, government agencies and consumers with compromised websites, DDoS attacks, cryptomining software and malware of all sorts.

— Sylvain LeJeune


Filed Under: Editorial Articles Tagged With: Denial of service attack, Malware, Zero day exploit
