A major underground marketplace acting like an eBay for criminals is selling access to more than 70,000 compromised servers allowing buyers to carry out widespread cyber-attacks around the world. It offers access to hacked computers owned by governments, companies and universities in 173 countries. Access goes for as little as $8 for a compromised server pre-equipped with software to mount DoS attacks, spam campaigns, illicit bitcoin mining or compromise online or retail payment systems. Low prices, searchable feature lists that advertise attack capabilities, together with services to protect illicit users from becoming detected attract buyers from entry-level cybercriminals to state-sponsored espionage groups. (Financial Review)
Why cyber security is losing, in a nutshell. What is our answer to such illicit marketplaces? What about our approach is going to change in response to the economically superior approach of our adversaries? Hundreds of thousands of dollars in licenses and appliances and services, or in short: nothing. Cyber security is a racket. It wasn’t intended to be, no one started out to be a war profiteer, but this is where we find ourselves and this is where we’re remain until we can figure out how to compete on price.