Currently there are technologies that allow the use of the Internet as an infrastructure for computer services. A new dimension of services in terms of functionality and features bring with them new dangers when used by computer crime. There are analogies or similarities between them, such as CaaS (Crime as a Service) or better known as Crimeware.
by Osvaldo Callegari*
The resources provided by the Internet such as Cloud Computing allow the agglomeration of several services. Basically, this technology allows you to use computer services using the Internet as an infrastructure. Examples of these types of services are Elastic Compute Cloud (Amazon EC2), Google Apps, and Microsoft Azure
Some of the main advantages of using this technology lie in the ease of use and the saving of time / cost, since the user does not need to implement extra components to his equipment but uses all the resources he needs, depending on the performance, through the Internet.
On the other hand, there are certain acronyms to classify the different services offered through the Internet according to their benefits. Thus, there are services of the type:
* SaaS (Software-as-a-Service), which consists of using programs as if they were services but usable through the Internet. This allows users to have the advantage of not installing programs on their computers but using them directly over the Internet.
* IaaS (Infrastructure-as-a-Service). Generally, they are located within a virtualization scheme that provides the necessary infrastructure to secure storage externally.
* PaaS (Platform-as-a-Service). In this case, the provision of the service involves the use of platforms that allow the development and execution of applications directly on and from the Internet.
However, the benefits found under this technology are also taken advantage of by computer criminals to speed up the automation of the creation of malware and associated threats, thus channeling all those aspects involved in the fraudulent processes of crimeware.
In this way, a new "service" but of a criminal nature began to appear with increasing force: CaaS (Crimeware-as-a-Service, in Spanish, Crimeware as a Service).
Like those mentioned above, CaaS responds to a service model, although this is fraudulent, through which computer criminals access a series of resources that allow the manipulation of harmful programs and perform fraud actions through the Internet, in order to hinder their detection by security companies.
Consequently, new terms emerge that describe the different criminal alternatives which take advantage and base their strategies on migration to the cloud, such as: MaaS (Malware-as-a-Service), which consists of offering the creation and / or manipulation of malicious code online using the Internet as infrastructure.
In this aspect, an example is represented by an online Cripter. This "service" of the MaaS type offers the possibility of subjecting a certain malware to an encryption process. In this way, each copy of the malicious code that spreads will be completely different from the previous one. Below we see a screenshot of this service.
Similarly, the networks of zombie computers (botnets) that provide their control and administration through the HTTP protocol using web applications, are another clear example of how third-party infrastructure is exploited to commit criminal actions, steal sensitive information from users and spread malware from the Internet.
In this case, the computer criminal (botmaster) provides the necessary infrastructure, through a botnet, so that the other actors in the criminal field have them according to their fraudulent needs, avoiding the cost of the necessary resources to, for example, carry out a DDoS attack (Distributed Denial of Service) or spread spam or phishing emails, among others, since the resources of zombies through the Internet are used as an attack platform.
On the other hand, this criminal cycle that is mentioned as an example constitutes a common factor within the criminal scheme offered by crimeware, thus fueling the business that malware currently represents.
Conclusion
It is a fact that the malware industry has joined the concept of providing services through the Internet, in this case fraudulent, changing part of the conventional scheme around the manipulation of malicious programs, since this type of harmful applications are oriented to facilitate services very similar to the legal business model of software as a service (SaaS).
Tools and/or suggestions to increase security
Cryptography: Encryption of files and folders using robust algorithms such as AES-Rijndael, Twofish, RC4, Cast 128, Gost, Diamond 2, Sapphire II and Blowfish.
Steganography: Hide your sensitive data inside harmless or innocent files, such as JPEG, PNG, BMP, HTML, and WAV.
Email Encryption: Enable the creation of packages with encrypted content and send them by email.
Key Manager: Use software to manage keys.
File Shredder: A confidential file shredder that complies with U.S. DoD 5220.22-M standards to ensure proper deletion and deletion.
App Blocker: An application blocker to protect any application installed on your computer.
Transfer of IP passwords to IP: Establish secure password transfer between two computers.
Virtual Keyboard: The virtual keyboard is useful for preventing programs from stealing passwords when you type them.
Encrypted Trash: An ideal place to have highly coded information.-
Real-time update systems: It allows you to keep the tools updated with new versions and or new features.
Encryption new technologies
The process of secretly encrypting messages has been used for centuries in espionage. Data encryption is a process of creating secret message formats for data that is stored in computer files. Within the computer programs there are multiple encryption techniques available for data files. These techniques are commonly known as data encryption algorithms.
Each algorithm has unique advantages and usage patterns based on the type of data and the desired level of protection.
Unencrypted data is information that can be easily read by a computer or person. Data is created on a computer where it is automatically saved in an unencrypted format. This data is saved on computers or file servers and can be easily accessed by would-be hackers on the Internet. Encryption techniques are special processes designed to convert reading data into the equivalent of gibberish (dark and very confusing encryption language).
Encryption patterns and standards are managed by the National Institute of Standards and Technology (NIST). This body verifies and tests again the development of encryption techniques. At present, the Advanced Encryption Standard (AES) is considered one of the most modern of the rules on cryptography. It is designed to support a 256-bit key encryption program.
Public key cryptography is a standard form of encryption that requires special keys to encrypt and decrypt messages. The encryption techniques they use in this encryption are typically considered secure because the data requires two parts to encrypt. Firstly, it requires the correct decoding algorithm and secondly a special encryption key is required to be used with the algorithm.
What makes public key cryptography unique is the requirement for special keys to encrypt and decrypt messages. A public key is used by the encryption algorithm and a private key is used for the decryption algorithm. These types of encryption techniques are difficult to break due to the two-key encryption process.
The complexity of encryption algorithms is based on the physical size of the encryption key. The larger it is, the more complex it can be.
In early versions of encryption that use Standard Data Encryption (DES), only a 56-bit key is supported. These were manipulated and quickly disrupted by hackers.
With AES standards, the possibilities of permutations make deciphering almost impossible.
Blowfish is one of the most complex encryption algorithms currently available today.
It was designed in 1993 by Bruce Schneier. This AES encryption algorithm is based on and supports a 448-bit encryption key. There is currently no known cryptanalysis of the blowfish algorithm. This version is freely available.
On the fly is a method of securing data on a computer storage device in a form that allows information to remain accessible to a verified user, but protected from the unit itself.
The hallmark of an on-the-fly encryption system is that information is read and written while being encrypted, so at no time is all the information stored on the disk protected and encrypted.
In general, a drive that is protected in this way will need to use special system drivers for data access, which means that some type of encryption software on the go is not necessarily portable from one system to another, unless the software is installed earlier. Very often, encryption that is defined as on the go is used in cases where the storage medium is detachable, portable, or otherwise can be accessed or stolen at any point, requiring data to be stored encrypted at all times.
In a security team, data encryption means taking normal files and processing them in a way where the information becomes unreadable and useless to a person who does not have a key or password that can decrypt the data. There are many types of encryption algorithms, some of which have a good amount of time to run on large files. The real-time on-the-fly encryption process uses encryption algorithms to encrypt and decrypt a file that is accessed.
The names and brands mentioned are names and brands of their respective authors, thanks by sources to ESET LA and André Goujon. A Wisegeek Common Questions.
*If you wish, you can write to the author of this article for queries or concerns to [email protected]
