The Dark Web’s battle against a digital skills

Source: Vsoftsystems, 19/10/2018

High demand is placing a strain on services already struggling to find
the right talent
For technology driven economies reliant on electronic communication
and secure data storage, cybercrime is a prevailing threat that`s
increasing in frequency and constantly evolving to bypass safeguards.
In 2016 cybercrime broke industry records more than once, with hacks
discovered against Yahoo, LinkedIn and AdultFriendFinder alone
exceeding 2 billion leaked user accounts. Almost two thirds of large
UK businesses have been hit by an attack or data breach in the last
year, according to government statistics and this year we`re likely to
see greater innovation in the use of ransomware and mass exploitation
of our Internet of Things lifestyle.
The changing nature of cybercrime
Recent attacks have demonstrated the nature of rampant `mainstream`
hacking, where individuals use prebuilt systems developed as-a-service
to launch attacks. Users with relatively basic hacking abilities are
now able to carry out criminal activity on a much larger scale. This
evolution of cybercriminality is not only proving a challenge for
industries racing to curb the higher frequency of attacks, but
cybercrime itself is struggling to source enough skilled techies
willing to help build these services.
Security researcher Michael Marriott and his team at Dark Web
monitoring service Digital Shadows have identified a demand surge for
`modern` applications built with ease of use in mind. `You see so many
services today where the UI is so much improved on these criminal
support sites, and the UI is so much better than anything that has
gone in the past,` explains Marriott. `There`s this increasing
professionalisation of these services that people are demanding. There
are lots of support services for cashing out, as well malware and
infrastructure that helps with attacks. They need it to be easier to use.`
Over the last six months, the Digital Shadows team has been monitoring
the emergence of a filtering website called Ripper.cc. The service
uses a look-up database of known `Rippers` -- fraudsters who either
sell poor quality datasets or simply fail to come up with the goods --
and alerts users if they are engaging with a known scammer. The site
provides automated alerts using browser extensions and plugins for
Jabber, a messaging platform that has proven popular for criminal
activity. But due to the complexity of the service and a lack of
skilled coders, development has been severely delayed.
Skills shortage on the Dark Web
`Although there`s all this professionalisation of cybercrime, we have
seen evidence with Ripper.cc that they still find it hard to find good
talent,` says Marriott. `We always go on about it in cybersecurity,
that we struggle to find the right people or we lack the right talent.
But cybercriminals are having the exact same problem. Ripper.cc
couldn`t find enough developers to write the code for one of its
plugins -- it delayed its release because they couldn`t find enough
good people. So although we`re seeing more and more cybercrime and
stuff affiliated with that, they`re still struggling to find the
really high skilled talent.`
Marriott explains that Ripper.cc is a support service that helps
cybercrime function more efficiently by ensuring the market place is
as effective as possible.
`If you can weed out the people who are dishonest, the fraudsters,
then it`ll encourage the high quality vendors to come back to the
market, because the buyers are more confident and they can make more
profit overall,` he says.
`But as you have all these support services with as-a-service
offerings, you get all these people who don`t need that high level of
coding ability. They can just plugin, type in a target address, type
in their own Bitcoin address for ransomware, and go.`
This over-reliance on support services is having a profound impact on
the cybercriminal talent pool. Like wider legitimate industries,
evidence suggests that cybercrime is also suffering from a digital
skills shortage and that the well of skilled talent willing to engage
in illegal activity is drying up.
It`s simply not the case that the Dark Web is a homogeneous entity
with a single guiding principle, explains Marriott, but that there are
in fact similarities with legitimate counterparts in the nurturing and
hiring of talent. Recruitment in the criminal world is surprisingly
similar to any other company, from the use of anonymised Skype
interviews to three-month hacking probationary periods.
Groups do not just want `hackers` -- they need, for example, users
skilled in DDoS tactics with knowledge of SQL injection, or someone
who can speak fluent English and use cross-site scripting. Born out of
frustration with the number of users clogging up forums, `Skids`, or
`Script Kids` has become a widely used term for users with no
discernable skill. Although there are plenty of these Skids about, a
shortage exists when recruitment involves specialist knowledge, such
as cryptology or insider experience of an organisation`s operating system.
Digital skills arms race
Unlike the basement dwelling stereotype, the hacking community is a
big business that bares an uncomfortable resemblance to legitimate
industry. `It seems that in the cybercriminal field, not only are they
highly skilled but also good businessmen running very big industries,`
says Avi Kasztan, CEO of cybersecurity firm Sixgill. `What makes a
difference is that in general they are well organised and have made a
profession from their activity.`
This professionalisation has resulted in a digital skills arms race,
where both domains compete for the same talent from an under-supplied
pool. But the illegality of activities on the Dark Web places even
greater strain on recruitment. Trust is a significant obstacle and it
can be difficult to know who is legitimately looking to hire or offer
their services.
`Mutual trust remains an issue,` says Pieter Antz, malware analyst at
Malwarebytes. `I would imagine that their shortage is even bigger than
that of the regular industry. They need people who will keep on
working for them, even after they find out that what they are doing is
illegal, immoral or both.`
Exploiting the weakness
If the skills shortage continues, malware is likely to evolve at a
slower pace, according to Jerome Segura, lead malware intelligence
analyst at Malwarebytes. `From my perspective I would say there`s a
shortage of exploit writers working in the underground,` says Segura.
`There has been no real improvements in exploit kits since about mid
June of 2016 with the disappearance of some larger players.`
Microsoft recently boasted that Windows 10 is capable of squashing
some bugs on its own, without the need for a specific patch. This,
according to Segura, will make it `more difficult to find new zero
days or exploits that can work reliably` and that `the costs of new
exploits will also go up as fewer individuals will possess the skills
to come up with them`.
To stay ahead in this arms race, organisations need to understand
where individual actors sit within the broader criminal ecosystem,
according to Marriott. `It`s about working out what you represent to
them and having security accordingly - making sure that your resilient
to certain aspects of theft that make the costs of attacking you
hopefully as prohibitive as possible.`