Hacking as a Service: There are many who may not be able to remember the days when the HTML was written entirely by hand, as there are many hackers who can not remember when a exploit has to be built from scratch. The process of hacking has not ceased to be illegal, but seems to have become more user-friendly. By combining this with the increase in the number of transactions made online, it creates a good ground for the growth of the underground economy.
Με τα εξελιγμένα exploit kits, τα δωρεάν εργαλεία, τα botnets και τους hackers προς ενοικίαση, έχει καταστεί σχετικά εύκολο κάτι που παλιότερα ήταν δυνατό να πραγματοποιηθεί μόνον από ειδικευμένους hackers. Έχει δημιουργηθεί μία παράνομη αγορά όπου ο καθένας μπορεί να αγοράσει και να πουλήσει malware, exploit kits, botnets, πληροφορίες για πιστωτικές κάρτες, zero-day ευπάθειες (για τις οποίες κανένα patch δεν είναι available) for popular operating systems or for applications as well as services such as attacking and destroying a website or performing DDoS attacks. So how does this whole market work?
As Software as a Service (SaaS) turns the way we access applications, so does it Hacking as a Service (Haas) facilitates attackers.
From an economic point of view, the cost needed to hire a hacker is similar to what is required to recruit any other professional. The time that hackers will spend determines their pay, the more time it takes to complete the attack process, the higher their pay will be. A simple DDoS attack or some malicious ones SEO links could cost only $ 100, while RATs like this Blackshades or the rental botnet they could cost anywhere from $250 to $500. Full control of a botnet like ZeuS with management and control capabilities can run as high as $20,000.
Since hackers obviously won't wait until their services are requested to seek financial benefits, they usually seek revenue through the sale of exploit toolkits. Initially selling the toolkits was not that profitable, as once they are bought, they are done download and resold, the profits they can bring to developers gradually decrease. The Blackhole toolkit solved this problem by introducing a service delivery model for updates, whereby the user can receive support, new features and new zero-day exploits provided that they have subscribed to the original developer. Developers in turn will invest some money in finding and creating new exploits and features in the toolkit. Open source exploit kits such as Metasploit can be downloaded for free.
There are different specialties among them Hackers;
Just like "legal" and ethical hackers and IT/Network security professionals, hackers have specialties. There may be some who are more expert in programming and creating viruses or Trojans, όπως ακριβώς υπάρχουν επαγγελματίες IT Security που ειδικεύονται στην δημιουργία signatures για να εντοπίζουν τέτοιου είδους malware και συμμετέχουν στην δημιουργία προϊόντων antivirus/antimalware. Πιθανά να υπάρχουν και άλλοι, που έχουν ειδίκευση στην ταυτοποίηση ευπαθειών στο λογισμικό ή στα λειτουργικά συστήματα. Μπορεί να υπάρχουν και άλλοι, οι οποίοι είναι έμπειροι στην παραβίαση websites ή δικτύων. Αυτός ο κλάδος είναι τόσο ποικιλόμορφος όσο και ο κατάλογος των πιστοποιήσεων ασφαλείας δικτύων, που οι υπεύθυνοι πληροφορικής προσπαθούν να αποκτήσουν για να γίνουν πιο καταρτισμένοι.
What is the solution?
As it has been established, the cost can be relatively low for causing great damage, while the barriers to acting voluntarily have been significantly reduced. From the point of view of an IT administrator, this situation should not lead to resignation, but to search new smart ways of protection. In general, ensuring that all software patches are updated, and keeping abreast of new trends in the industry is an important start. Speaking of trends, make sure you're in touch with the proper authorities in case you fall victim to an attack botnet. Her work Symantec in this area has led to several blows against botnets so far.
It is important for users to be trained so that they know how to protect their data. Network administrators should let them know they should avoid clicking on email left-wing who do not know or avoid opening attachments that they do not recognize. Administrators should also ban "pirated" software and conduct awareness-raising courses to keep users informed.
Editor Note: This information is not provided to help you compare the market or to encourage you to engage in illegal activities but to better understand what IT managers and Administrators. The costing provided is not specifically mentioned, but in the time it is spent on these activities.
