As the digital landscape undergoes transformation, it is imperative for organizations to remain vigilant in the face of a persistent threat from for-hire hackers.
To safeguard their networks, customers, and financial stability, organizations must comprehend the risks associated with cyber threats and take proactive measures.
Sourcing Hackers for Hire:
Hackers for hire, malevolent individuals who offer their hacking services to carry out cyberattacks on behalf of others or as a paid service, provide a range of offerings. These services encompass malware as a service (MaaS), ransomware as a service (RaaS), phishing as a service (PhaaS), distributed denial of service (DDoS) as a service, and targeted attacks on specific systems or environments.
These nefarious hacker-for-hire services are widely available on the dark web, an unregulated corner of the internet beyond the reach of conventional search engines like Chrome™, Safari®, or Firefox™. The dark web serves as a notorious marketplace for hackers offering services such as MaaS, RaaS, PhaaS, and DDoS attacks. Potential clients can peruse various hackers' offerings on dark web marketplaces and select the services they require.
Payment is typically made using cryptocurrencies, which offer a degree of anonymity to both parties involved. Privacy-centric digital currencies like Monero, Zcash, and AXEL provide the highest level of anonymity, although investigative techniques can still be employed to trace transaction origins.
However, hacker-for-hire services are not limited to the dark web. These services can also be found on social media platforms and messaging apps such as WhatsApp and Telegram, as these apps provide end-to-end encryption for all messages, making them attractive to both hackers and their customers.
Crowe cybersecurity experts conducted an investigation to assess the ease of hiring a hacker, both on the regular internet and the dark web. The study found that DDoS services are the most straightforward to access. A simple search using terms like "IP booter" or "IP stresser," along with advanced techniques for identifying forums and communities that offer these tools, yielded a wealth of information from active sites providing hacker-for-hire services.
DDoS services are often categorized into tiers based on resource usage, application programming interface (API) access, and attack duration. For instance, Tier 1 offers a 300-second attack duration, while Tier 4 extends to 3,600 seconds with access to the developer API (dev API) for use in other applications. DDoS services are accessible and affordable to individuals or groups with disposable income.
To explore more significant hacker-for-hire services such as malware and ransomware, the investigators turned to the dark web, utilizing a specialized browser to search for hubs offering these services. They identified marketplaces, vendors, and individual developers offering custom payloads for customer-specific scenarios.
Some marketplaces provided guaranteed escrow, indicating a level of professionalism and significant resources allocated to market, sell, and purchase these services. The range of offerings included malware, adware, worms, keyloggers, and other custom-developed tools, many of which included developer support for setup and execution.
The researchers also encountered a market on the dark web selling stolen cryptocurrency wallets, offering access to the wallets' private keys in exchange for bitcoin (BTC).
Investigation Results:
The investigation unveiled the disconcerting reality that virtually anyone with internet access can engage the services of hackers, employ their skills, and purchase compromised credentials, wallets, and personal information. These threats demand serious attention, and organizations and individuals should take immediate action to mitigate these potential risks before they materialize.
The services identified in the investigation were tailored based on specific exploitation criteria, the hacker's skill set, and available toolkits. Most of these services were reasonably affordable for individuals with the financial means and motivation to acquire them. The scope of hacker-for-hire services is limited only by the online presence of potential targets, suggesting that anyone can become a target for the right price.
Typical Customers:
A report from the cyberthreat intelligence firm Mandiant identified government-sponsored groups like UNC2589 and APT28 as significant clients for hackers for hire. Government-sponsored groups leverage hackers for hire to carry out espionage, sabotage, or disruptive activities against their adversaries. Corporate entities also resort to hacker-for-hire services to access their competitors' trade secrets, customer financial data, or to launch attacks like DDoS on competitors' websites. Individuals use hacker-for-hire services for personal motives, including revenge or personal gain.
Potential customers do not need to possess an in-depth understanding of cyberattacks; they merely need to provide a target and payment. Hiring a hacker for DDoS services, for example, can be as straightforward as searching for relevant keywords.
Serious Consequences:
Cyberattacks orchestrated by hackers for hire can inflict severe damage on organizations and individuals. In addition to the direct financial costs associated with a breach, organizations experience reputational harm, potentially leading to a loss of revenue as customers lose trust in a compromised business. According to a 2022 report by IBM, 83% of organizations have faced multiple data breaches.
Hackers for hire themselves can also face severe consequences if caught. For instance, in December 2022, the Federal Bureau of Investigation (FBI) seized approximately 48 domains related to DDoS-for-hire services. These domains were operated by six individuals who were subsequently arrested and faced criminal charges. The FBI linked these domains to DDoS attacks on educational organizations, government agencies, and prominent gaming platforms between 2014 and 2022.
Consequences have also befallen hackers offering ransomware as a service (RaaS). In January 2023, the FBI dismantled Hive, a major Russian crime syndicate that had been selling ransomware tools and services to affiliates since spring 2021.
The Importance of Pen Tests:
One of the most effective means for organizations to mitigate the threat posed by hackers for hire is by employing penetration testers (pen testers). These experts evaluate an organization's security by assessing its external internet presence, internal network, websites, applications, and even simulating scenarios like ransomware, malware, and social engineering campaigns.
Pen tests identify vulnerabilities that could be exploited by malicious hackers, enabling organizations to address these issues before they are used against them. Pen tests often reveal specific areas where improvements can be made, including network segmentation, Microsoft Active Directory™ security, and missing security patches on various systems.
Pen tests are a valuable investment for organizations of all sizes, ranging from small businesses like restaurants and banks to large multinational corporations and government entities. Even seemingly insignificant businesses can be targeted by hackers for hire, and the costs associated with a successful breach can be devastating.
Pen Tests and Staying Ahead of Threats:
The proliferation of hackers for hire represents a significant threat to both organizations and individuals. These malicious actors offer an array of services, including malware, ransomware, phishing, and DDoS attacks, and their services are increasingly accessible.
However, organizations can protect themselves by conducting regular pen tests, which identify vulnerabilities in their systems or networks before they can be exploited by malevolent hackers. It is crucial for businesses to regularly assess the security of their environments and services and take proactive steps to enhance their security posture.
