With the term attack-as-a-service model is indicated the practice to outsource all the phases of an attack to specialists instead to rent tools and architecture to conduct personally the illegal activities (Malware-as-a-Service). Danchev has recently profiled a newly launched underground service that could allow for cybercriminals to automate the penetration testing process against any target. The providers of the hacking service sustain that using their own exploitation techniques are practically able to compromise any website.
As usual the authors of this service provide an excellent marketing model, they propose a demo for the attack useful to penetrate several vulnerable websites.
The model on sale for service is very attractive, hackers analyze in a first phase the target for a very cheap price (5$) and only in the presence of vulnerabilities they hack it for a price nearly 50$, of course for large architectures to attack the prices soar from $1000 to 50000.
This type of hacking services is an example of unethically pen-testing activity, the criminals seem to not use any automated tool neither Google services to discover vulnerabilities, another singularity is that they do not operate against website and service of their country, a habit already seen in the sale of Kins and Zeus malware.
Following the key features proposed by Danchev in his post:
Following an image of the profiles hacking service:
At the moment the impact of the specific service is limited due its actual inability cause widespread damage but the availability of a huge quantity of tools and hacking services represents an alarming reality that is causing a sensible increase in blended, automated attacks.
Recently FireHost Secure cloud hosting company issued Q2 2013 Superfecta report that revealed the concerning growth for automated attacks against web applications.
The same Danchev already profiled other DIY tools such as Google Dorks Web site exploitation tools, brute forcing applications and stealth Apache module for backdoor distribution, the greater the number of these tools on the market and the greater the number of cyber criminals who provide for the complete outsourcing of attacks.
According last McAfee report “Cybercrime-as-a-Service” security experts observed a sensible increase for attack-as-a-service proposal, the study profiled as example Password cracking services and Denial-of-services.
“If the budget allows, a budding cybercriminal can skip the process of conducting research, building appropriate tools, and developing an infrastructure to launch a cyberattack by choosing a service that will outsource the entire process.” the report states.
No doubts that hacking services will catch in the medium term a good portion of the offer for cybercriminals on the underground.
(Security Affairs – cybercrime, hacking services)