The operation run by botnet author Peter Levashov demonstrates how easy it is for would-be criminals to get into the business.
So, you want to become a cyber criminal? To get you started, you need two basic things:
- Some kind of malware that you can make money from.
- A ton of email addresses sufficiently large enough to ensure a measurable degree of success.
Don’t have either? Back in 2016 (before he was arrested), Russian national Peter Levashov ran a business selling both. Levashov, who is currently on trial in the U.S. for a two-decade cybercrime spree, used bots to harvest millions of email addresses, selling them for as little as $300 for 1 million addresses.
Now, all you need is some malware and a means to push it out.
According to court documents, Levashov had that too – offering a malware distribution service, Levashov was responsible for helping cybercriminals infect machines with banking Trojans, ransomware, and DDoS attacks.
Need something else to finish off your cybercrime business? Perhaps bulletproof hosting, an exploit kit, or even a money mule? Those crime services are readily available on the dark web for a very reasonable price.
While Levashov is off the market, there have been countless others that have taken his place - mostly running their cybercrime service businesses from Eastern-block countries with no extradition agreements to the U.S.
Anyone today can be a pretty effective cybercriminal for “one low monthly payment” that provides you everything you need. This is part of the reason why the industry is seeing rapid increases in attacks.
With the barrier to entry set so low for those interested in choosing the path of a cybercriminal, it’s impossible to stop the threat of attack and for someone in your organization potentially becoming a victim.
Organizations utilizing Security Awareness Training make their employees ready for any kind of social engineering attack – whether involving email, malicious links, malicious attachments, compromised websites, or any other attack vector. The training educates them on what to watch for, how to respond, and elevates their sense of security overall, lowering the risk of successful attack.