The dark web has become a multibillion-dollar industry. Like in any other sector, cybercriminals constantly innovate, resulting in constant evolution and technology-driven changes in dark web criminal markets. One of the key contributors to this growth is the Cybercrime-as-a-Service (CaaS) sector, which makes it easy for bad actors to launch sophisticated attacks. Many dark web forums offer various CaaS services, and those services are directly responsible for fueling the dark web economy’s growth. Sometimes cybercrime services are provided by hackers who exclusively operate in the shadows, but that’s not always the case. Unfortunately, many businesses are discovering that the cybercriminals they defend against are sometimes a little closer to home.

• What is Cybercrime-as-a-Service:

Cybercrime-as-a-Service is an organized crime model fashioned in the same vein as Software-as-a-Service. Cybercrime practitioners sell their tools, expertise, and services to other individuals or cybercriminal gangs through various online platforms and marketplaces on the internet and the dark web. More and more individuals are choosing to take up CaaS as the potential for profit grows. Some participants are career cybercriminals, but others are malicious employees of legitimate companies looking to make easy money. In 2022, CaaS caused $6 trillion in losses to organizations across industries.

Today, anyone can launch a cyberattack with no required tech skills and a meager startup cost. Common CaaS services in dark web forums include malware creation, exploit kits, malicious bots, phishing kits, and other plug-and-play cyberattack tools. Today, even an amateur cybercriminal can launch a sophisticated attack on a target or hire someone to do it affordably. Due to the vast array of quality ready-made tools and skilled cybercrime labor available on the dark web, organizations are more vulnerable to cyberattacks, both from external sources and due to malicious insider activity, than ever before.

• Cybercrime-as-a-Service operators act as employers:

Extensive CaaS operations essentially operate like legitimate corporations. Most offer their “employees” an array of lucrative benefits, like guaranteed salaries, hiring bonuses, profit sharing, flextime, paid time off, and sick leave, to attract the best talent. Some cybercrime groups even require drug tests. Many organizations also offer their “employees” performance bonuses, promising them a share of the profits for cybercrime operations like a successful ransomware attack or data theft.

People can make a substantial living from ransomware and malware without launching an attack. Developers are in the highest demand in the CaaS industry, accounting for more than 60% of the hiring posts on dark web forums. Those posts listed developer jobs with advertised monthly salaries of up to $20,000. However, the median monthly salary for a developer was around $2000. People with some cybercrime skills and experience are always in demand too. Cyberattack specialists (penetration testers) can make up to $15,000 monthly.

• You don’t need essential tech skills to make significant money:

There are also many other IT jobs available on CaaS forums that require varying degrees of technical expertise, sometimes not much. Cybercrime gangs hire people for roles that do not need excellent technical skills, like web and email designers, data analysts, and IT administrators. Some CaaS providers even have tech support representatives to alleviate buyers’ technical challenges. The median pay for a lower-tier hire ranged between $1,300 and $4,000 per month, with designers receiving the lower amounts and engineers at the higher end.

The list of cybercrime job opportunities is a dark mirror of the legitimate tech world. Hiring is handled in much the same way as in a legitimate business with an interview process, probation period, test projects, and more. However, a person doesn’t have to sign on with a cybercrime gang to make money in the CaaS economy. Plenty of freelancers work on a by-the-job basis doing everything from creating phishing messages to launching ransomware attacks, making it easy for anyone with cash to hire the help needed to launch an attack without building a criminal organization.

• Is cybercrime a second job for one of your users?

As the world sees waves of tech layoffs in today’s challenging economy, there is good reason to believe that some laid-off tech professionals may turn to cybercrime to pay the bills. Some IT professionals that legitimate companies still employ may also be tempted by the money and do a bit of dark web freelancing. Alternatively, a disgruntled employee may turn to the dark web to harm their employer. In the U.S., an estimated three-quarters of businesses have experienced fraud, sabotage, or data theft from a malicious insider.

That can spell disaster for their employers, especially if malicious insiders have or have access to highly privileged user accounts at their legitimate employer’s business (or a former employer’s network). Those employees could choose to sell their company’s data or sell access to their company’s network to make a quick buck. Research by Verizon shows that malicious employees contribute to 20% of data loss incidents, and the attacks that insiders are involved in are, on average, ten times larger than those conducted by external actors. Businesses must take precautions to stop malicious insiders before they get started or face the consequences.

Source: ID Agent