Over the last decade the technology industry has grown by leaps and bounds. Along with this rapid growth, cyber-attacks have evolved in parallel at an alarming rate. Part of this growth can be attributed to the growing number of markets and attack services available to the public.
Today, those who wish to carry out a digital attack do not need to learn about network security or progrmaming. If they are willing to pay they can skip the lines and jump right into the action of clicking buttons and using user friendly portals to carry out their attacks. It’s no longer necessary for an attacker to build their own tools when vendors have made their tools cheap and easy to access.
A main motivation behind the evolution of attack services in the market place is due to financial gains. The profits behind selling tools to entry level attackers has led to the creation of highly popular and easily accessible marketplaces where potential attackers can purchase anything from undisclosed exploits and malware to botnets, bulletproof hosting and a number of other attack services. Price is the only limiting factor of what one can accomplish with limited skills. The more money an attacker has to spend, the more damage he or she can create with little to no experience.
Those with access to limitless funds can buy all the gear, tools and exploits they need to attack even the largest networks. This can be an absolute benefit for an inexperienced attacker, yet in some ways it works against them since they do not know what they are truly doing. They have a better chance for success given what they can purchase, but at the same time they run a greater probability for failure due to their lack of knowledge. An attacker with a limitless budget could not only go on a serious shopping spree but they could also buy some of the best hardware and network power to conduct their attacks.
So, why does this matter? This matters because the entry level for attackers has been lowered. No longer do you have to be a skilled or knowledgeable hacker to take down a network. The more money you have to spend on attack services, the more you can accomplish without prior experience.
Over the next few months I will be writing about different attack services, tools and marketplaces found on the darknet. I will also be writing about how the growth in general users and their demands for an easy to use and powerful tool has resulted in the monetization of the less experienced. This monetization has led to a much lower buy in, allowing more users the ability to access the powerful tools required to knock out large scale networks with almost no experience required.
Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.