Page 273 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 273

What is an example of FaaS? A paying client wanting to perpetrate fraud could find a threat group on the
            dark web and ask them to overbill on their behalf. The malicious service provider would then infiltrate a
            company’s systems and adjust invoices to help them charge for labor they never provided.



            How Does FaaS Work?

            While the specifics of FaaS vary from threat group to threat group, they typically carry out their services
            in three main ways.

            Subscriptions

            In a FaaS subscription model, an organized cybercrime group leases its services to others in exchange
            for recurring payments. It often provides out-of-the-box tools like botnets, malware, hackers or stolen
            information.

            Upfront Fees

            Organized cybercrime groups typically ask for an upfront fee in exchange for their services. It’s ideal for
            resources the client can reuse after paying for them once. However, it also ensures the organization
            receives payment regardless of the fraud attempt’s success.

            Profit Sharing

            Sometimes, cybercrime groups agree to take a cut of the profit from a fraud attempt in exchange for
            smaller upfront fees. This way, they draw in clients and improve their reputation in their community. If
            their first attempt fails, they will likely reattempt until they succeed.

            The Implications of FaaS

            One of the most concerning implications of FaaS is that it lowers the entry barriers for cybercriminality. If
            anyone — even unskilled, unknowledgeable threat actors — can commit fraud, the amount of fraudulent
            activity will rise drastically. About 57% of chief financial officers have noted an increased number of FaaS
            schemes, so it is already happening.

            Another worrying implication revolves around the congregation of cybercriminals. As these organized
            cybercrime groups grow in reputation and stature, it will become easier for highly skilled hackers and
            fraudsters to find each other. Consequently, the severity and impact of their attempts will substantially
            increase.

            Identifying the source of organized fraud will become more challenging as these groups become more
            prominent. How can law enforcement agencies pinpoint perpetrators when they hide behind a global,
            expansive network of hackers and fraudsters? The answer is that they might not — their chances of
            eliminating such vast cybercrime systems may be slim to none.







                                                                                                            273
   268   269   270   271   272   273   274   275   276   277   278