Crime-as-a-Service lowers entry barriers to cybercrime world


Europol Cyber Crime Centre (EC3) has sounded the alarm over the rise of the Crime-as-a-Service business model, and how it's lowering the barriers to entry into the world of cybercrime.

According to the organisation's 2014 Internet Organised Crime Threat Assessment (iOCTA), the model allows cybercriminals to develop sophisticated malicious products and services before selling them on to the less experienced to use via the "digital underground" world.

As a result, it's getting easier for less technically-minded criminals to engage with cybercrime, putting companies at even bigger risk.

"In a simplified business model, a cybercriminal's toolkit may include malicious software, supporting infrastructure, stolen personal and financial data and the means to monetise their criminal gains," the report states.

"With every aspect of this toolkit available to purchase or hire as a service, it is relatively easy for cybercrime initiates lacking experience and technical skills to launch cyber attacks not only of a scale highly disproportionate to their ability but for a price similarly disproportionate to the potential damage."

Many of these transactions take place on the "Dark Net", which the report states has fuelled evolution of cybercrime in recent years.

Cecilia Malmstrm, EU commissioner for Home Affairs, said almost anyone can become a cybercriminal these days, thanks to the proliferation of the anonymous and hidden internet.

"This put an even increasingly pressure on law enforcement authorities to keep up," she said.

"We need to use our new knowledge of house organised crime operates online to launch more transactional operations. We need to ensure that investigations into payment card fraud and online child abuse don't stop at national borders," Malmstrm added.

Professor Alan Woodward from the University of Surrey, who co-authored the report, added: "If agencies fail to mobilise to meet the threats highlighted in this report then organised cybercrime will gain the upper hand.

"However, if agencies work together, across borders, then we can use modern technologies to catch criminals, rather giving them a platform for ever more innovative forms of crime."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.