Social media has revolutionized technology in many ways, and its effect on the cybercrime ecosystem has been no exception. Recently, many cybercrime squads have turned to social media channels to advertise and to improve the end-user experience. Much like traditional businesses in the technology sector, cybercriminals are turning to platforms such as YouTube and Instagram to engage potential buyers.
Greek Helios, a prolific peddler of DDoS services, is a perfect example of this recent trend. A DDoS attack occurs when “multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.” Well known on the dark web for his staggeringly effective DDoS tools, Greek Helios also markets and demonstrates his wares on YouTube and Instagram. He also offers a dedicated helpdesk channel via Discord.
Another example can be found in CloudEyE, an Italian company that provided “protection against reverse engineering for different Windows applications.” While it had a legitimate front and a slick public-facing website, it was advertised on underground hacking forums as a way to protect files with “heavy code randomization”. This was used to protect malware from being identified and discovered. CloudEyE used social media channels such as YouTube to post demonstration videos showing how to abuse Google Drive and OneDrive to aid in malware distribution. Their monthly service fee, of course, included helpdesk support. All of this was available for a nominal fee – sometimes as low as $100 a month.
As cybercrime becomes increasingly organized and structured, the sale of sophisticated tools and infrastructure to the masses for affordable fees cannot be ignored. Blue team defenders need to consider that their threat models will be forever changed by the typically underestimated “Script Kiddie” having easy access to advanced infrastructure from which to launch their attacks.