
In recent times, the “E-crime as a service” phenomenon has radically changed the cybercrime landscape, opening the door to “low-skill” criminals.

Thanks to an increasingly accessible ecosystem and the availability of turnkey criminal tools, today even inexperienced actors can launch sophisticated and profitable attacks.

 

Emerging platforms

Underground forums continue to be crucial reference points for the exchange of illegal tools and information. After the decline of historical platforms such as RaidForums and BreachForums, new spaces such as LeakBase have rapidly taken over.

These forums offer stolen databases, and various ready-to-use services and malware. Alongside these traditional platforms, Telegram channels and Discord groups have become increasingly popular, further simplifying access to illegal tools and technical information.

 

Cybercrime facilitators

The ease with which operational tools can be found is a significant element in the evolution of cyber threats. For instance, “stealer logs”, which contain credentials stolen by malicious software, are cheaply available on specialised online platforms.

This data can be exploited to conduct credential stuffing attacks and gain unauthorised access to corporate systems.
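On the defensive side, credential stuffing fed by stealer logs leaves a recognisable shape in authentication logs: one source touching many distinct accounts with only one or two attempts each. The following is an added example, not part of the original analysis; the event format, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
# IPs are from documentation ranges and usernames are invented.
SAMPLE_EVENTS = (
    [(f"2025-01-10T09:0{i}:00", "203.0.113.7", u, "ok" if u == "dana" else "fail")
     for i, u in enumerate(["alice", "bob", "carol", "dana", "erin", "frank"])]
    # Classic brute force: many attempts against a single account.
    + [(f"2025-01-10T09:00:{i:02d}", "198.51.100.20", "admin", "fail") for i in range(8)]
    # Ordinary user mistyping a password once.
    + [("2025-01-10T09:01:00", "192.0.2.15", "alice", "fail"),
       ("2025-01-10T09:01:20", "192.0.2.15", "alice", "ok")]
)

def detect_stuffing(events, window=timedelta(minutes=10),
                    min_accounts=5, max_per_account=2):
    """Flag sources that try many accounts, few times each, in one window.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    Returns {ip: {"accounts": n, "successes": [usernames]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, outcome))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            attempts = defaultdict(int)
            for _, user, _ in span:
                attempts[user] += 1
            wide = len(attempts) >= min_accounts
            shallow = max(attempts.values()) <= max_per_account
            best = findings.get(ip, {"accounts": 0})["accounts"]
            if wide and shallow and len(attempts) > best:
                # Successes inside a burst are the accounts to reset first.
                hits = sorted({u for _, u, o in span if o == "ok"})
                findings[ip] = {"accounts": len(attempts), "successes": hits}
    return findings

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```

Any username listed under "successes" logged in during the burst, which suggests the submitted credential was valid and the account needs a password reset and session revocation.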

Furthermore, the spread of ransomware-as-a-service (RaaS) has made it easier for individuals with limited technical skills to carry out sophisticated attacks.

Through membership models, groups like PlayCrypt make advanced ransomware available for a fee. Such services often include detailed operational guides and ongoing support, contributing to a wider spread of potential malicious activity.

 

Automated Phishing

Phishing has also undergone a process of industrialisation. Platforms such as EvilProxy and Greatness offer phishing-as-a-service (PhaaS), where, for a modest monthly fee, users can take advantage of advanced tools to create credible and targeted phishing campaigns.

These services include highly realistic fake pages, automated campaign management and advanced features such as multi-factor authentication bypass.

 

Crypters and builders

Another emerging trend is the widespread use of “crypter” and “builder” tools for malware. These tools allow inexperienced criminals to generate customised malware and make it invisible to antivirus software, paying only a few tens of dollars.

This accessibility makes less experienced criminals even more dangerous, as they can now easily circumvent standard corporate security measures.

 

Script kiddies

The evolution of the tools available for illicit online activities has enabled a new generation of cyber criminals with a basic technical background to operate: “script kiddies”. These are individuals with limited skills who can use pre-existing resources to conduct highly complex attacks.

An example of this is the FunkSec group, active in 2024, which is predominantly composed of inexperienced operators who, using tools based on artificial intelligence, have carried out malicious actions against corporate targets beyond their individual technical capabilities.

The increase in the use of generative artificial intelligence on the dark web has accentuated this dynamic, allowing individuals with low skills to automate sophisticated attacks such as targeted phishing, the creation of deepfakes and the development of malicious software, without the need for specific programming knowledge.

 

In conclusion

The evolution of e-crime as a service is significantly lowering the technical barriers to accessing cybercrime.

This democratisation has led to a substantial increase in attacks, forcing companies to adopt more sophisticated and responsive defence strategies.

Constantly analysing the deep and dark web with Cyber Threat Intelligence and understanding these trends is crucial for cybersecurity professionals, who are called upon to strengthen their defences and constantly monitor the evolution of threats.

Analysis by Vasily Kononov – Threat Intelligence Lead, CYBEROO