A blog posting from IBM Internet Security Systems, in which the rapid ascendance of hacking-as-a-service is discussed, confirms an earlier report from Finjan on Crimeware-as-a-Service.
“It is indicative of the domination of criminal gangs in the malware and security attack business these days,” says Yuval Ben-Itzhak, Chief Technology Officer of Finjan.
"Crimeware-as-a-service, or CaaS, represents the latest phase in the commercialization of hacking methods and tools as indicated by our Malicious Code Research Center (MCRC) report at the beginning of this year," added Ben-Itzhak.
“The process of conducting criminal activities is getting even more advanced by simplification – getting straight to stolen data as a service.”
According to Ben-Itzhak, Cybercriminals are deploying malware, botnets, and infected computers to provide online hacking services to anyone willing to pay - the providers themselves do not necessarily conduct the criminal activities related to the data that is being compromised and these services are managed remotely and include features that facilitate the installation of the crimeware program, running the service, online reporting and even offering ongoing maintenance.
"As IBM notes, the legality of the new crop of these services is questionable at best, but we suspect that we are going to see more and more of these types of “commercial” services emerging in the near future," he concluded.