The scene operates like the regular economy and even offers customer support
More and more companies and institutions are falling victim to cybercriminals, who often paralyse entire computer networks and only release them in exchange for a ransom, which is usually high. This has now become a real business model, according to Ayman El Hajjar from the University of Westminster (https://www.westminster.ac.uk/).
Established business model
‘Cybercrime has evolved from individual and uncoordinated attacks by isolated groups into an established business model that generates revenue and mirrors real companies,’ says El Hajjar. This model has its own supply chains, partners such as criminals who use malware instead of developing it, and even customer support.
According to the expert, the cybercrime ecosystem now operates on the ‘as-a-service’ model that also characterises legitimate businesses. In this model, customers rent a service, such as software, rather than buying it. ‘Criminals have transferred this model to cybercrime,’ says the security expert.
‘In this underground market, hackers sell ready-made malware, rent out botnets, i.e. networks of infected devices, and operate payment platforms. They even go so far as to offer customer support and help pages for criminals who want to use their malware to blackmail companies but don’t know exactly how to do it,’ says El Hajjar.
Cyber gangsters with a purpose
The criminals, known as ‘initial access brokers,’ act as middlemen. They are experienced cybercriminals who break into systems, enable initial access, and offer it as a package for sale to others. The packages often contain stolen data, usernames and passwords, or even direct access to compromised networks. This opens the door for cybercriminals with fewer skills to attack companies.
“This business model will continue to exist. It’s simple economics: everyone involved in this business benefits from it. This includes experienced hackers and malware developers who get their share, brokers who sell bundled services, and hosting and payment platform providers who take their cut. It also includes the criminal accomplices who carry out the attacks and collect their profits,” says El Hajjar.
This makes it a low-risk and profitable business. To make matters worse, society’s attitude towards hackers often glorifies them as brilliant outsiders, and hacking, especially when large companies are the target, is mistakenly viewed as a minor crime. ‘The truth is, however, that a successful business model for cybercrime ultimately jeopardises the entire economy.’ Ransom should therefore never be paid.