Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service businesses.
Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars.
Cybercrime-as-a-service is a model where adversaries with superior skills build attack tools, like automated bots, to sell to other fraudsters who may not be as technically adept, increasing the opportunity and reach for cybercrime and fraud.
CaaS businesses encourage and enable more people to commit fraud at a volume and velocity that can overwhelm even experienced internal security operations center teams.
CaaS is in part responsible for the 167 percent increase in bot attacks this year, according to Arkose Labs.
The group's CaaS business initially sold fraudsters ready-made, rote solver services for CAPTCHAs, which are the most effective security technology solutions to distinguish malicious bot attacks from genuine human consumers' activities.
Storm-1152 promoted that its solvers could bypass any CAPTCHA, enabling fraudsters to abuse the online environments of Microsoft and enterprises in other industries.
It later pivoted its business model, deploying bots to register phony Microsoft accounts using fictitious usernames and then selling the fake accounts in bulk to other fraudsters, who could use them for a wide variety of online attacks such as phishing, malware, romance scams and in-product abuse.
Storm-1152 earned millions of dollars through these illicit activities, which are predicate offenses to financial crimes like money laundering.
The Arkose Cyber Threat Intelligence Research unit first detected Storm-1152 in August 2021, pinpointing its whereabouts in Vietnam.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 14 Dec 2023 09:43:05 +0000