Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

Ransomware Operations 'Based on a Culture of Mistrust'

Intel 471 CEO Mark Arena on Bulletproof Hosting, Ransomware-as-a-Service Providers
Mark Arena, CEO, Intel 471

Two cornerstones of the cybercrime ecosystem are bulletproof hosting and ransomware offerings, says Mark Arena, CEO of the security firm Intel 471.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework

The most expensive, high-end and sophisticated bulletproof hosting sites feature dedicated data centers, run by and for criminals, he says. "For bulletproof hosting, what people typically mean is: resistant to complaints. So you can send in complaints, if you're the victim of something that's hosted on this hosting provider, and they're going to ignore the complaint."

Previously, such sites were widely used to host banking malware and command-and-control systems. But today, high-end sites are frequently used by ransomware attackers, which again reflects what clients want. "The reality is that ransomware is massively lucrative to cybercriminals of all shapes and sizes, and unfortunately, it's really easy to do and you get millions out of it," Arena says.

Many ransomware-as-a-service operations, he says, now provide their customers - aka affiliates - with access to a dedicated portal where they can generate a ransomware executable and use it to infect users. If a victim pays, the RaaS operator and affiliate share in the profits.

In a recent video interview with Information Security Media Group, Arena discusses:

  • How bulletproof hosting continues to be a cybercrime cornerstone;
  • Ransomware operations: How they are structured and function not like a street gang or Mafia family, but rather as a loose collection of criminals who work together "based on a culture of mistrust";
  • How initial access brokers, network hacking specialists and software-as-a-service ransomware operations work together.

Arena is the CEO and founder of Intel 471. He was previously chief researcher at iSIGHT Partners, now FireEye. Prior to this, Arena worked at the Australian Federal Police as a technical specialist within the high-tech crime operations function and as a software engineer on embedded systems for public transportation systems.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.