Cybercrime-as-a-Service and the best way to defend against “attacks by order”

Cybercriminals operate as highly professional organisations and offer a wide range of criminal services on an as-a-service basis. Cybercrime-as-a-Service exacerbates the threat situation, because even non-professionals can easily commission sophisticated attacks. Learn how to defend your organisation against attacks that are becoming more likely.

There is now a thriving cybercrime ecosystem. Attackers can offer their “goods”, such as stolen data and services, for sale on dark web marketplaces. Experts and specialists offer many different services: vulnerability detection, exploit kits for known vulnerabilities, or Exploitation-as-a-Service and Attack-as-a-Service offerings for the delivery and attack phase. In the final phase, the attackers access the actual target system. For example, they secretly exfiltrate data and disrupt systems. Last but not least, files are encrypted in order to extort ransom money.

In addition, criminal platforms offer malware-as-a-service and technical support, for example for ransomware or spyware such as keyloggers or Remote Access Trojans (RATs). This means that even people with little technical skill are able to carry out such attacks. Underground forums also enable easy exchange among criminals and lower the barrier to entry for individuals who are not part of a larger criminal organisation.

Security measures for strong cyber resilience

Because criminal services are so widely available commercially on the dark web, it is now easier than ever for malicious actors to commission dedicated attacks. In its latest report (November 2023) on the state of IT security in Germany, the German Federal Office for Information Security (BSI) classifies the rapid development of new and adapted attack methods and the increasing service character (cybercrime-as-a-service) as worrying. For companies and public authorities, the financial consequences and reputational damage caused by a successful cyber attack can be devastating.

Cyber security is one of the most important issues of our time. In addition to NIS2, KRITIS, DORA and other directives and restrictions, the geopolitical situation is also fueling the explosive nature of the topic. The threat landscape will continue to intensify in the future due to the high level of professionalism in cybercrime. As a consequence, organisations must be prepared and become more resilient. A multi-layered security approach consisting of robust processes, modern detection technology and professional support from security experts creates the best conditions for defending against attacks, reacting quickly and launching the appropriate response actions.

Comprehensive cyber security, which includes technologies, processes and expert knowledge, is therefore essential:

1. Security Operations Center (SOC)-as-a-Service as the core of cyber defence: When it comes to protection against cyberattacks, most organisations lack specialists. For comprehensive prevention and rapid response to security incidents, companies should therefore consider commissioning a Security Operations Center as a service. A SOC acts as the command center of the cyber security strategy. Trained experts are responsible for the continuous monitoring, analysis and optimization of a company’s security status. They help to quickly detect attacks and initiate appropriate countermeasures in the event of a security incident.

2. Keeping software up to date: Unpatched operating systems and applications are easy and popular targets for attacks. Companies must therefore carry out regular vulnerability scans.

3. Security solutions: Email security filters, antivirus software and firewalls help in blocking known malware types. Companies should also rely on Endpoint Detection and Response and advanced threat protection.

4. Management of access rights: Users should only be given as many access rights as they need for their tasks.

5. Multi-factor authentication and network segmentation: The principle is that authorization granted to an individual employee for one piece of software does not automatically extend to others. This builds up protective walls against attackers and curbs attacks.

6. Security training: Employees should be regularly educated on the latest security threats and their potential consequences.

7. Penetration tests: These offer companies the opportunity to find vulnerabilities in their systems in a training mode and fix them.