Your business data is a valuable asset. The bad news is that it can also be attractive for cybercriminals looking to make some money for themselves. Hackers have even taken to using the ‘as a service’ business model for themselves, with serious consequences for network security. This ‘Phishing-as-a-service’ development is a major threat and has been identified as a significant danger by Microsoft.
The ‘as a service’ business model has been used by hackers before, and ‘Phishing-as-a-service’ isn’t actually new either. The difference between the past and the present is the emergence of ransomware, which is one of the most worrying cyberthreats to plague the IT world. What makes ‘Phishing-as-a-service’ such a threat is that even amateur hackers can get in on the game, using your hard work and your data to make themselves a dirty buck.
‘Phishing-as-a-service’ is an organized business in its own right. Groups, like the Malaysian phishing service named BulletProofLink, sell the tools that hackers need. These products include website templates, hosting, email delivery and credentials theft, all provided as links that are fully unidentifiable. The role of the service provider is to host these on their own servers, and do their clients’ dirty work (such as harvesting credentials) for them. It’s bad enough for a business if these credentials are stolen, but there’s also a market for them on the Dark Web. Buyers can then use them for whatever cybercriminal purposes they choose.
It’s not all good news for the people who buy stolen credentials. There’s no guarantee that they’ll work – they’re taking a gamble on getting credentials that will provide them with opportunities. BulletProofLink sells template access for all kinds of login pages, including Microsoft OneDrive, Dropbox, Google Docs, Adobe and LinkedIn, to name a few. There’s also a service known as ‘double theft’. Here the provider illegally gets hold of credentials for a customer but actually sells them to someone else. This all feeds into the ransomware workflow and the escalating threat of your data being held hostage until you pay out for its de-encryption and return.
Some of the detail in this article may be new to you, and not that easy to get your head around. We’d like you to take this away with you: hackers are ingenious, unscrupulous and some of them are extremely dangerous. Don’t ever underestimate the damage they could inflict on your business.
Cybersecurity is complex and fast-changing. Quikteks can help your business protect itself from hackers and cybercriminals. For more information on cybersecurity for your organization, call us at (973) 882-4644.