As information security professionals with over 20+ years in the business, we now see that if a bad actor wants to successfully scam someone online, all these hackers need is to have a basic level of software or networking skills. Everyone now has the tools to enter this lucrative business; albeit in many cases: very illegal. Malicious “phishers” of the past used poor graphics, poor grammar, misspellings and showed signs that English was not their first language. Most often, businesspeople were their targets and many easily saw through the scams, especially if the sender was a “Nigerian Prince.” As an example, many spent years mastering the art of fly fishing. It does not seem fair that you can now be an accomplished “Phisher” without any practice.
Today’s phishing world has changed. For a small fee, inexperienced phishers can buy high-quality phishing tools online through the Dark Web, enabling them to bypass all the difficulties associated with learning how to code, generate graphics, or any of the other steps required to successfully phish someone. Technology is a tool used for good and evil, and new software applications allow nearly anyone to become an accomplished phisher. Unfortunately, we have learned that phishing can lead to the deployment of trojans which can then lead to serious ransomware attacks. A low-level attack can be the segue for much worse problems; such as locking down your servers, private data exposure and having to pay a ransom (hoping the actors provide a legitimate decryption key once the ranso...
Link to the full report: TR-20-091-001-Crime_As_A_Service.pdf
Comments