RSS Alerts

Share

More services

Common Assurance Maturity Model (CAMM) Committee Members

Biography:
CAMM is a framework to provide the necessary transparency in attesting the Information Assurance Maturity of a third party (e.g. Cloud provider).

Tag Cloud

David HarleySecurityWiFiCompliancehackingcloudMalwarecloud security

Bloggers

Blog

Crimeware-as-a-Service

There is no doubt that the ingenuity of cyber criminals has always been ahead of the game. In many cases this can leave the less-than-prepared security professional/organisation left playing cat-and-mouse, and open to exploitation, and vulnerabilities.

The opposing side is the world of hackers and cyber criminals who seem to leverage their technological tools to great effect. However, even for fledgling hackers or entrepreneurs seeking to join the ranks of the bad guys/girls, they don’t need to possess the required levels of technological expertise. CaaS (Crimeware-as-a-Service) pulled out of some distant Cloud can provision the necessary tools, be they Viri/Worm Creation Kits, Denial of Service (DoS) applications, or the necessary components and reachable infrastructure to deploy and control a botnet – like all business choices, it depends on just how much money one wishes to invest.

But just how obtainable are such CaaS tools to the average user? And how easy are they to find? In October 2010 some very basic research proved they can be just a mouse click away! Kits were easily located to build a variant of ‘Indra’ Malware, as well as a manifestation of Badboy , providing the user with the power to create their own version to send on to their targets.

Granted these are not examples of cutting-edge malware, but they do however still pose a threat to the unprepared and unsuspecting organisation. As amazing as it may seem, even today there are large organisations who permit access to sites, and allow the download of Malware Construction Kits – and even more worrying, there are still pockets of companies who do not maintain their anti-virus or patches in an up-to-dtate condition.

The element that would seem to be missing at the operational level is that of ‘situational awareness’, where the concerned organisation or business assures it is ‘fully’ tuned into the ‘current’ levels of threat and vectors of attack. Then following through with deploying the necessary mitigations, and where required, compensatory controls. In our current day of extended perimeters of operations and threat levels, nothing less will suffice!

For more information on securing the new emerging World of Cloud, visit www.common-assurance.com.

Prof. John Walker FBCS CITP CISM MFSoc A.IISP ITPC MIoD
Steering Committee Member of the Common Assurance Maturity Model (CAMM)
Member ENISA CEI Listed Experts
ISACA Security Advisory Group
e-victims Advisory Council
CTO of Secure-Bastion

Posted 14/10/2010 by Common Assurance Maturity Model (CAMM) Committee Members

Tagged under:Crimeware-as-a-Service,Hackers,Denial of Service,Worm ,Crimeware,CAMM,Common Assurance Maturity Model,ENISA,Walker,Malware

Comment on this blog

You must be registered and logged in to leave a comment about this blog.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012