Hacking as a Service: There are many who may not be able to remember the days when the HTML was written entirely by hand, as there are many hackers who can not remember when a exploit has to be built from scratch. The process of hacking has not ceased to be illegal, but seems to have become more user-friendly. By combining this with the increase in the number of transactions made online, it creates a good ground for the growth of the underground economy.
With sophisticated exploit kits, free tools, botnets and hackers for hire, it has become relatively easy to do something that used to only be done by skilled hackers. An illegal marketplace has been created where anyone can buy and sell malware, exploit kits, botnets, credit card information, cards, zero-day ευπάθειες (για τις οποίες κανένα patch δεν είναι διαθέσιμο) για δημοφιλή λειτουργικά συστήματα ή για εφαρμογές καθώς και υπηρεσίες όπως η επίθεση και η καταστροφή ενός website ή η εκτέλεση attacks DDoS. So how does this whole market work?
As Software as a Service (SaaS) turns the way we access applications, so does it Hacking as a Service (Haas) facilitates attackers.
From an economic point of view, the cost needed to hire a hacker is similar to what is required to recruit any other professional. The time that hackers will spend determines their pay, the more time it takes to complete the attack process, the higher their pay will be. A simple DDoS attack or some malicious ones SEO links could cost only $ 100, while RATs like this Blackshades or renting botnet could cost from $ 250 up to $ 500. Full control of a botnet such as Zeus with management and control features can range to $ 20,000.
Since hackers obviously won't wait until their services are requested to seek financial benefits, they usually seek revenue through the sale of exploit toolkits. Initially the sale of toolkits was not that profitable, as once they are bought, downloaded and resold, the profits they can bring to the developers μειώνονται σταδιακά. Το Blackhole toolkit έλυσε αυτό το πρόβλημα, εισάγοντας ένα μοντέλο παροχής υπηρεσιών για updates, με το οποίο ο χρήστης μπορεί να λάβει υποστήριξη, νέα features και νέα zero-day exploits provided the original developer has subscribed. Developers in turn will invest some money in finding and creating new exploits and features in the toolkit. Open source exploit kits such as Metasploit can be downloaded for free.
There are different specialties among them Hackers;
Just like "legal" and ethical hackers and IT/Network security professionals, hackers have specialties. There may be some who are more expert in programming and creating viruses or Trojans, just as there are IT Security professionals who specialize in creating signatures to detect this type of malware and participate in the creation of antivirus/antimalware products. There may be others who specialize in identifying vulnerabilities in software or operating systems. There may be others who are experienced in hacking websites or networks. This industry is as diverse as the list of network security certifications that IT managers strive to acquire to become more proficient.
What is the solution?
It has been found that the cost can be relatively low, causing great damage, while the obstacles have been significantly reduced so that one can act voluntarily. On the part of an IT administrator, this situation should not lead to resignation, but to the search for new smart ways of protection. In general, ensuring that all software patches are updated, and being fully informed of new industry trends are an important principle. When talking about trends, make sure you are in contact with the competent authorities in case you fall victim to an attack botnet. Her work Symantec in this area has led to several blows against botnets so far.
It is important for users to be trained so that they know how to protect their data. Network administrators should let them know they should avoid clicking on email left-wing who do not know or avoid opening attachments that they do not recognize. Administrators should also ban "pirated" software and conduct awareness-raising courses to keep users informed.
Editor Note: This information is not provided to help you compare the market or to encourage you to engage in illegal activities but to better understand what IT managers and Administrators. The costing provided is not specifically mentioned, but in the time it is spent on these activities.
