• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Intelligence
  • Cybercrime-as-a-Service, the rise of hacking services

Cybercrime-as-a-Service, the rise of hacking services

Pierluigi Paganini August 19, 2013

Security expert Dancho Danchev profiled one of the numerous hacking services offered in the underground highlighting new trends in the cybercrime ecosystem.

With the term attack-as-a-service model is indicated the practice to outsource all the phases of an attack to specialists instead to rent tools and architecture to conduct personally the illegal activities (Malware-as-a-Service). Danchev has recently profiled a newly launched underground service that could allow for cybercriminals to automate the penetration testing process against any target. The providers of the hacking service sustain that using their own exploitation techniques are practically able to compromise any website.

As usual the authors of this service provide an excellent marketing model, they propose a demo for the attack useful to penetrate several vulnerable websites.

The model on sale for service is very attractive, hackers analyze in a first phase the target for a very cheap price (5$) and only in the presence of vulnerabilities they hack it for a price nearly 50$, of course for large architectures to attack the prices soar from $1000 to 50000.

This type of hacking services is an example of unethically pen-testing activity, the criminals seem to not use any automated tool neither Google services to discover vulnerabilities, another singularity is that they do not operate against website and service of their country, a habit already seen in the sale of Kins and Zeus malware.

Following the key features proposed by Danchev in his post:

  • the service offers a demo of the hacking process for several (vulnerable) Web sites
  • the price for scanning a single Web site is $5, and if a scanned Web site can be hacked using the service, the price becomes $50
  • the instructions of the service state that – “We don’t touch our (country’s) Web sites, and our law enforcement doesn’t touch us”
  • the service doesn’t utilize Google for finding vulnerable Web sites on a mass scale, instead it allows the cybercriminal to manually enter the Web site about to get unethically pen-tested
  • even if the service cannot automatically hack into the Web site (based on what the service claims are private techniques for exploitation) the specially displayed output is supposed to increase the probability for a successful compromise
  • the service also offers consultation for hacking into any given Web site, with the prices varying between $1000 to $50,000
  • the service successfully detects Microsoft SQL Server, Oracle, MS Access

Following an image of the profiles hacking service:

hacking services underground

At the moment the impact of the specific service is limited due its actual inability cause widespread damage but the availability of a huge quantity of tools and hacking services represents an alarming reality that is causing a sensible increase in blended, automated attacks.

Recently FireHost Secure cloud hosting company issued Q2 2013 Superfecta report that revealed the concerning growth for automated attacks against web applications.

The same Danchev already profiled other DIY tools such as Google Dorks Web site exploitation tools, brute forcing applications and stealth Apache module for backdoor distribution, the greater the number of these tools on the market and the greater the number of cyber criminals who provide for the complete outsourcing of attacks.

According last McAfee report “Cybercrime-as-a-Service” security experts observed a sensible increase for attack-as-a-service proposal, the study profiled as example Password cracking services and Denial-of-services.

hacking services DDoS

“If the budget allows, a budding cybercriminal can skip the process of conducting research, building appropriate tools, and developing an infrastructure to launch a cyberattack by choosing a service that will outsource the entire process.” the report states.

No doubts that hacking services will catch in the medium term a good portion of the offer for cybercriminals on the underground.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – cybercrime, hacking services)


facebook linkedin twitter

attack-as-a-service brute forcing Cybercrime Cybercrime-as-a-Service Google Dorks Web site exploitation tools Hacking hacking services malware malware-as-a-service penetration testing underground

you might also like

Pierluigi Paganini July 29, 2025
Seychelles Commercial Bank Reported Cybersecurity Incident
Read more
Pierluigi Paganini July 28, 2025
Scattered Spider targets VMware ESXi in using social engineering
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Seychelles Commercial Bank Reported Cybersecurity Incident

    Data Breach / July 29, 2025

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

    Security / July 28, 2025

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    Scattered Spider targets VMware ESXi in using social engineering

    Cyber Crime / July 28, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT