Cybersecurity has become a major concern for businesses and individuals alike. With the increasing amount of sensitive information being stored and shared online, the risk of cyber-attacks has risen dramatically. One trend that has emerged in recent years is the use of “Hacker as a Service” (HaaS). This is where businesses or individuals can hire a professional hacker to perform a variety of tasks, such as testing the security of a website or network or even launching attacks on a competitor’s network. But when is HaaS treading a thin line that is close to opening doors for hackers to execute Cybercrime as a Service?

Logpoint
Logpoint

Award winning SIEM

What is Hacker as a Service? 

In its simplest form, it’s a type of outsourcing for cybersecurity services. Instead of a business hiring a full-time employee or team to handle its cybersecurity needs, it can outsource these tasks to a professional hacker. These hackers can be hired on a contract basis and can perform a wide range of tasks, including penetration testing, vulnerability assessments, and even full-scale cyber-attacks.

Of course, this is exploitable and can be truly risky. Hacking as a Service is typically conducted to improve security and assist organizations in identifying and mitigating vulnerabilities, of course, this also gives some people an option or opening to conduct Cybercrime as a Service which involves the provision of tools and services for illegal activities conducted by malicious actors.

So-Called Benefits of HaaS 

One of the main benefits of HaaS is that it allows businesses to access highly skilled professionals without the need to hire them full-time. This can save a significant amount of money, as well as reduce the risk of hiring the wrong person for the job. HaaS can also provide businesses with access to the latest tools and techniques, which may not be available to them otherwise. Additionally, HaaS can help businesses to identify vulnerabilities in their systems and networks before they can be exploited by malicious actors. 

HaaS uses 'The so-called Good'

One example of HaaS in action is a company hiring a professional hacker to perform a penetration test on its network. The hired hacker can identify several vulnerabilities, which are then fixed before they can be exploited by malicious actors. This is a well-known example of how companies are using Hacker as a Service to secure their systems.  

Another example of using HaaS is hiring a hacker to test the security of mobile apps. The hacker potentially finds several critical vulnerabilities that would allow an attacker to steal sensitive information from the app's users. This highlights the importance of testing the security of mobile apps and how HaaS can be an effective way to do so. 

HaaS uses 'The Bad'

The FBI arrested five people for using hacking-for-hire websites to obtain email account passwords. Two men from Arkansas operated the needapassword.com site and faced up to five years in jail if found guilty of computer fraud. Three other people paid over $23,000 to similar websites outside the US. The FBI worked with police forces in Romania, India, and China, and arrested six other alleged site administrators overseas. The sites charged between $100 and $500 for obtaining passwords.  

When HaaS Becomes Cybercrime as a Service

Cybercrime as a service involves various activities in the attack lifecycle that are aimed at bypassing an organization's security defenses. These activities can be categorized into primary activities directly involved in conducting the attack and secondary activities that support the cybercrime ecosystem.

Primary Activities:

  1. Vulnerability discovery as a Service: This involves using tools to identify potential vulnerabilities in an organization's security network. Hackers may employ network analysis tools like Wireshark or gather information on technologies and software versions used in the network. They can then trade this information on Dark Web cybercrime communities.

  2. Exploitation Development as a Service (EKaaS): In this phase, cybercriminals package an exploit kit that contains the necessary tools and viruses to exploit known technology vulnerabilities. They may also use additional attack payloads to spread the attack. Operational weaknesses, such as fake Wi-Fi networks or spyware, may be set up to compromise the human element before delivering the attack payload.

  3. Exploitation Delivery as a Service (EDaaS): The exploitative packages from EKaaS are delivered to the target systems. This can involve deploying botnets, redirecting traffic, and utilizing bulletproof hosting services in loosely regulated locations to initiate the attack.

  4. Attack as a Service (AaaS): After the attack delivery (EDaaS), the attack avenue on the target system is exposed. The attack aims to leak sensitive information, disrupt target network operations, or monetize the attack through activities like ransomware or denial-of-service attacks.

Secondary Activities:

  1. Operations and lifecycle management: Cybercriminals use services to enable and sell their tools and services to potential buyers. They manage the attack lifecycle to achieve the financial objectives of the Cybercrime as a Service ecosystem while minimizing costs and risks. This includes identifying valuable targets, organizing hackers with relevant services, and managing the distribution of financial proceeds.

  2. Hacker community: Forums provide a platform for the cybercrime community to engage with each other. These communities have some hierarchical organizational structure that allows members to work individually without associating with a specific cybercrime ring. It also reduces the entry barrier for support from fellow hackers.

  3. Marketing and delivery: Digital gains are traded among attackers on Dark Web marketplaces. Attackers may receive benefits in the form of goods, services, cryptocurrency, and technical support that assist them in selling their services.

Defending against Cybercrime as a Service poses challenges due to the thriving cybercrime ecosystems and collaborative support available on the Dark Web. To defend against such activities, it is crucial to recognize the industrialization of cybercrime. Instead of focusing on individual hackers or groups, individuals, corporations, and regulatory authorities need to be prepared to defend against anyone with malicious intent.

Why Some See HaaS as an Option

Hiring a professional hacker on a contract basis, businesses sometimes use this as a way to access the latest tools and techniques and identify vulnerabilities in their systems and networks before they can be exploited by malicious actors. However, it is important to remember that hiring a hacker for illegal activities such as cyber-attacks can lead to severe legal consequences.

It is crucial to use HaaS for ethical hacking and penetration testing only, to help keep your systems secure and protect sensitive information from malicious actors. There are many drawbacks, and it can be a double-edged sword. There is a dark side to HaaS, where hackers can be hired for illegal activities such as cyber-attacks and espionage.  

Furthermore, in some countries, using HaaS for activities may be illegal, and it is important to ensure that all activities are conducted within the bounds of the law. 

Logpoint has the only Converged SIEM that collects, analyzes, and prioritizes security incidents. Get in touch today to book a demo and find out how we can take your cybersecurity to the next level.