Cybercrimes as a service (CaaS) is the new player of digital threats, with cyberattacks no longer limited to professional hackers but have rather become an expanding network of cybercrime marketplaces, making the process easier to spread cybercriminals.
Now, anyone with an internet connection is becoming part of the dark web cybercrime, pressuring the digital landscape and posing unprecedented threats on global cybersecurity.
Cybercrime As a Service
Nowadays, platforms serve unsecure actions as a service offering a wide range of malicious tools and services for any person willing to pay, reducing the obstacles for cybercriminals to issue attacks.
These malicious services include Ransomware-as-a-service (RaaS), in addition to AI scams, and crypto laundering, offered with minimal technical knowledge. Hackers can now rent tools like botnets, stolen data, and sophisticated malware without any coding skills.
“Looking back to the 1990s and early 2000s, you needed to have a reasonable level of technical competence to pull off these types of crimes,” Nicholas Court, assistant director of Interpol’s Financial Crime and Anti-Corruption Centre, tells CNBC.
These types of platforms usually operate on the dark web cybercrime network, which is an illegal part of the internet that uses encryption to shield user identities. According to Chainalysis, the market of such networks is spreading fast and beyond the dark web to reach messaging apps like Telegram into private groups.
The Growing Illegal Market
One of the largest cybercrime marketplaces is Huione Guarantee, a Chinese language platform linked to Huione Group, also referred to as “one-stop shop for nearly every form of cybercrime,” because vendors offer a wide range of services, like crypto money laundering and romance scams and fake investment schemes.
Chainalysis revealed that Huione Guarantee has guaranteed over $70 billion in cryptocurrency transactions, making it the largest illicit online marketplace. The marketplaces also allow attackers to issue AI-powered online scams including deepfake technology that can create realistic fake identities for scamming victims. Such cybercrime services which have AI social engineering attacks, have become more sophisticated and easier to access.
“It has become child’s play to create really convincing fake emails, audio notes, images or videos designed to scam and trick victims,” said Tony Burnside, vice president and head of Asia-Pacific at Netskope, a cloud security company.
Cybercrime as a service’s entry to cyber scene is the easy entry, for example a few hundred dollars can give individual access to stolen data and fake social media profiles and other scams. Therefore, sophisticated scams have emerged including ransomware-as-a-service and crypto laundering.
In 2024, Hong Kong police reported a $25 million fraud where deepfake technology was used to impersonate a company’s chief financial officer (CFO) during a video conference call, deceiving a finance worker into making the transfer.
“The volume of cybercrime is growing so rapidly that law enforcement can’t arrest its way out of the problem,” says Interpol’s Nicholas Court.
Final Thoughts
The efforts put to shut down cybercrime are still ongoing, but the anonymous nature of cybercrime as a service makes the process difficult for police.
As cyberthreats become more sophisticated, companies must invest in AI-powered security systems that are advanced in detecting fraud actions and respond to threads immediately. To fight the spread of cybercrime services, cybersecurity solutions must be strict and fast, or else, people and companies will keep on falling victims to fraudsters, and cybersecurity will fail.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.