Platform Criminality Aids Sales of Exploits and IP
- Platform criminality is enabling and incentivising insider threats to sell on corporate IP and potent malware
- Understanding cybercrime platforms is key to disrupting the supply of hacking tools and IP theft
Platform criminality has been reshaping the way in which the security industry thinks about cybercrime. It’s made the sale and purchase of cybercrime tools, expertise and data as easy as shopping online, giving insiders an attractive outlet to sell on corporate IP.
This was demonstrated perfectly last month, when a disgruntled cybersecurity employee attempted to sell a piece of malware for $50 million in cryptocurrency. Dubbed Pegasus, the exploit was developed by NSO Group, which sells some of the most potent malware in the world. It’s used by governments like Mexico and the United Arab Emirates to break into smartphones, with some versions of the tool able to remotely steal data.
The rise of Crimeware as a Service (CaaS)
This is the perfect example of the dangers posed by platform criminality. The cybercrime economy is becoming so huge that the sale of dangerous exploits, as well as the resulting stolen corporate IP, has become inherently easy. The malware the employee was attempting to sell was intended to be used by governments only. Yet the proliferation of cybercrime platforms means that the chances of advanced tools and corporate IP falling into the wrong hands have grown exponentially, enabling any buyer to develop new versions of the malware for illicit purposes.
The cost of crime
During my “Into The Web of Profit” research, I found evidence on dark web marketplaces that purchasing a DDoS attack would set you back as little as $200 per day, while a sophisticated iOS exploit costs around $250,000. This ease of access means that everyone can obtain cyber tools and expertise, meaning anyone can become a cybercriminal. You or I can jump on the dark web and buy a tool that could steal IP, or buy credit card details and treat ourselves to a new laptop.
Considering the financial gain possible, it’s no wonder there is also a huge incentive for malicious actors to sell on corporate IP and software. The ease with which this employee took an exceptionally dangerous tool and offered it to the market is alarming, but shows how platform criminality has evolved cybercrime. We’re now in an age where anything being developed by organisations or nation states could be leaked and disseminated utilising dark web platforms.
On this occasion, the lone actor was caught before the exploit could cause any damage, but often corporate data and tools slip through the net. Just look at how the EternalBlue exploit was used to help carry out ransomware attacks. Or even Stuxnet. It’s easy to see how Pegasus could have become the next big exploit.
Knowledge is key
Situations like this are unlikely to stop. We need to be much more aware of insider threats now that cybercrime platforms are supporting the sale of exploits and IP and making it much easier. In the case of NSO it was an iPhone-cracking exploit, but it could also have been company secrets or the details of the governments they work with and how they operate.
The risk this demonstrates is massive. Law enforcement and the cybersecurity industry need to work together to disrupt these platforms to prevent them from being so lucrative. Key to this is further understanding of how these systems operate. We need a holistic understanding of the entire cybercrime economy, one that looks at the interconnected nature of the platforms, players and users. Without this, our understanding of cybercrime will only ever be partial, meaning exploits like Pegasus will continue to leak to the dark web platforms.