For all the back-slapping and high-fiving that no doubt occurred this past week with the FBI's takedown of the online marketplace for hackers known as Darkode, the troubling news is that there are at least 800 more of these marketplaces out there, and those are just the ones law enforcement officials know about.
Darkode: In the business of selling malware
Darkode was clearly one of the larger of these online marketplaces. As part of Operation Shrouded Horizon, law enforcement officials around the globe have arrested more than 70 people, including a 27-year-old alleged kingpin of malware living in Sweden.
Operating since sometime in 2007, Darkode was a mechanism through which hackers sold botnet access to compromised servers along with other tools of the hacking trade. The price of access to these compromised systems, which were used to distribute spam, ranged anywhere from $50 to $80 per thousand compromised systems. The alleged leader of Darkode, Johan Anders Gudmunds, is also credited with creating malware exploit packages such as CrimePack, Antiklus, and Pandemiya 2014. He is also known for developing botnet malware called Blazebot, and he controlled and sold access to a Zeus botnet consisting of more than 60,000 systems.
For all the investments made in IT security, cybercriminals are fairly adept at using spear phishing techniques to fool people into downloading a piece of malware. This winds up making a system not only another zombie in a global botnet, but also a gateway through which hackers can compromise other systems. For example, an innocent-looking piece of email a parent receives from the school their child attends turns out to be fake. But more often than not the problem doesn’t get discovered until after that end user has already downloaded a piece of malware that was attached to that email.
Lack of effective IT security
Despite all the effort being made to educate end users about these types of attacks, no amount of technology is going to defend human beings from deceit. As a result, there are millions of systems that to one degree or another are infected with malware that has become too sophisticated for anti-virus software to detect.
Naturally, this is leading to frustration in IT security circles. In fact, Dell SecureWorks, the managed security services arm of Dell, in collaboration with The Ponemon Group, recently published a survey of IT and business professionals suggesting that, after several years of increased investments in IT security, the amount of money in the IT budget being applied to security is now leveling off.
But even after a steady rise in spending, the report finds that only 8.2 percent of the average IT budget is allocated to security. Worse yet from an IT services provider perspective, only 19 percent of the security budget is allocated to managed security services. A big reason for this apparent lack of funding is that many of the IT security technologies being implemented appear to be ineffective.
There’s no doubt that managed security service providers (MSSPs) are now operating in the most interesting of times. The good news is that as cybercriminals become more organized it becomes easier to identify them. The bad news is that, much like with drug cartels, it takes significantly longer for law enforcement to take down a cybercriminal organization than it does for hackers to start one, so it can feel like a losing battle.