Cos'è Crimeware
Che cos'è Crimeware
Crimeware è un termine generico per tutti programmi software dannosi, il cui scopo è facilitare e automatizzare le attività illegali su Internet. Il software criminale può essere un virus, spyware o qualsiasi software dannoso che può essere utilizzato per commettere reati, come:
- furto di dati personali (nomi, numeri di identificazione, ecc.);
- furto di informazioni finanziarie (numeri di carta bancaria);
- furto di segreti commerciali o informazioni riservate per vendita o ricatto / estorsione;
- Furto di elenchi di contatti e indirizzi e-mail per ulteriori trasferimenti o vendite;
Le azioni di cui sopra vengono di solito effettuate al fine di apportare un vantaggio finanziario al distributore di software criminale, anziché limitarsi a creare inconvenienti agli utenti sotto forma di scherzo.
Criminal Software as a Service (Crimeware as a Service or CaaS)
With cloud computing becoming widespread, the phrase "something as a service" has become common indeed. Offers such as Software-as-a-Service (SaaS) allow organizations to use specialized functions without responsibility for maintaining and protecting the infrastructure. This gives a plethora of advantages and makes it easierfor a business to scale and focus on the main business areas, by outsourcing infrastructure maintenance tasks outside of the central business model.
Unfortunately, this model was adopted by cybercrime, so such offers 'as a service' began to appear. Traditionally, a cybercriminal had to have deep computer knowledge and be a jack of all trades. Crimeware as a Service allows you to specialize in a specific narrow area, renting the necessary services from other cybercriminals as necessary. Crimeware as a Service has become an important component of the underground economy. CaaS takes cybercrime to the next level, making it more organized, automated, and accessible to criminals with limited technical skills.
One of the most common types of criminal software is a phishing kit, which is a set of convenient tools that allow people with minimal technical skills to launch phishing sites. Typically, such a kit includes website development software (including graphic files, content) that can be used to create compelling simulations of authorized sites, and spamming software (to automate the mass mailing process).