Mpack, Shark 2, Nuclear, WebAttacker, and IcePack are some of the names that are selling hot in the hacking tools marketplace. Cybercrime tools are getting into a business of their own, and the bad news is that the markets are maturing.
A quote from a BBC article:
Malicious hackers had evolved over the last few years and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.
What is even more interesting is that the tools that get sold come with annual update and service agreements. With the increased frequency of bugs in popular applications, the regular updates make it all the more difficult for security firms to detect the hacking tools.Maturing cybercrime market
Up for sale at the cybercrime markets are individual viruses or whole development kits like the MPack. While a virus costs about $35, a whole kit could fetch up to $1000 for a seller, reports DigitalTrends.
At the same time, the Age reports that:
...As government use of advanced technology increased, there would be an increased risk to online services such as electronic voting and tendering. "Such applications would be attractive targets for groups wishing to disrupt or affect levels of confidence in government and business generally..."
Indeed, with the expansion of enterprises to global levels and with mobile employees operating and collaborating over multiple locations, the threats to data security have also grown exponentially.
Recent research in the U.K. reports that a cybercrime is committed every 10 seconds! (Metro.co.uk). The list of crimes include online harassment, cyberstalking, financial frauds, identity thefts, and PC hacking.
Knowledge is power, and nations are establishing the ideal goals of achieving a full-aware knowledge society. Cybercrimes are one big road block in the path of this global goal. But is cybersecurity being given considerable focus?Security focus
The reason why a market for tools thrives is because there are sufficient vulnerabilities out there that are not patched in time (or not patched at all), and that there are no definite incentives for the vulnerability discovery process. I previously wrote about a swiss security firm that introduced a marketplace for selling vulnerabilities. There are pros and cons to the approach. But it is the attitude of software makers in respect to fixing the issues that is in focus. What is your opinion on the issue of software makers giving sufficient focus to the timely patching of vulnerabilities?