New Service Lowers Entry Barriers for Cybercriminals

As if the recent advances in malicious software weren’t scary enough, a newer cybercrime-as-a-service group is making it even easier for low-level cybercriminals to engage in large-scale attacks. The Traffic Distribution System (TDS) that they operate has already been implicated in several malware distributions.

According to the cybersecurity research firm Proofpoint, the anonymous group behind BlackTDS started advertising on the Dark Web in December 2017. They offer services to clients as part of a package they are calling “Cloud TDS.” BlackTDS claims that its Cloud TDS platform handles “social engineering and redirection to exploit kits (EKs) while preventing detection by bots—namely researchers and sandboxes,” and will provide new, reputable domains should the client need them.

What makes BlackTDS interesting is that the malicious actor does not need its own server to handle the traffic. This means that low-level cybercriminals who lack that infrastructure can still carry out large-scale malware, ransomware, or other kinds of drive-by attacks.

How the BlackTDS service works

According to Proofpoint, “threat actors drive traffic to BlackTDS via spam, malvertising, and other means, set up the malware or EK API (Application Programming Interface) of their choice, and allow the service to handle all other aspects of the malware distribution via drive-by.” Distribution occurs either directly, using social engineering to trick the victim into downloading the malware by mimicking a software update, or through redirects from domains that may be “typo-squatted,” meaning that a visitor mistyped the Web address and landed on a malicious page controlled by BlackTDS. Should you click in the window of one of these pages, the malware would then automatically download.
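The two traffic sources named above, typo-squatted lookalike domains and redirect chains that end in a download, both leave traces in ordinary web-proxy logs. The script below is an added illustration of how a defender might surface them; it is not code from Proofpoint or from the article. The log lines, the `example.com` watch-list entry and the log format are constructed for the example, and the "registered domain" helper simply keeps the last two labels of a hostname (a real deployment would use a public-suffix list).

```python
"""Flag typo-squatted lookalikes and redirect chains in proxy log lines.

Added example: constructed log format and sample data, not from the article.
"""
import re
from collections import defaultdict

# Constructed sample proxy log: timestamp, client IP, method, URL, HTTP status.
SAMPLE_LOG = """\
2018-03-12T10:01:02Z 10.0.0.5 GET http://www.example.com/update 200
2018-03-12T10:01:09Z 10.0.0.5 GET http://www.exmaple.com/ 302
2018-03-12T10:01:10Z 10.0.0.5 GET http://cdn-update-check.net/flash.php 302
2018-03-12T10:01:11Z 10.0.0.5 GET http://dl.example-cdn.top/Update.exe 200
2018-03-12T10:02:00Z 10.0.0.7 GET http://mail.example.com/inbox 200
"""

# Domains the organisation owns; lookalikes of these are suspicious (assumed).
WATCHED = ["example.com"]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\w+)://([^/\s]+)(\S*) (\d{3})$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, _scheme, host, path, status = m.groups()
    return {"ts": ts, "client": client, "host": host.lower(),
            "path": path, "status": int(status)}


def registered_domain(host):
    """Crude registrable-domain heuristic: keep the last two labels."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance; a swap such as 'exmaple' vs 'example' costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, watched=WATCHED, max_dist=2):
    """Return the watched domain this host imitates, or None if it is benign.

    Two heuristics: a small edit distance from a watched domain (typo-squat),
    or the watched brand label embedded in a different registrable domain.
    """
    dom = registered_domain(host)
    if dom in watched:          # our own domain (and its subdomains) is fine
        return None
    for w in watched:
        if edit_distance(dom, w) <= max_dist:
            return w
        if w.split(".")[0] in dom.split(".")[0]:
            return w
    return None


def redirect_chains(events, min_hops=2):
    """Per client, find runs of >= min_hops redirects and the page they land on."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    chains = []
    for client, evs in by_client.items():
        run = []
        for e in evs:
            if e["status"] in (301, 302, 303, 307, 308):
                run.append(e["host"])
                continue
            if len(run) >= min_hops:
                chains.append((client, run + [e["host"]]))
            run = []
        if len(run) >= min_hops:    # chain still open at end of log
            chains.append((client, run))
    return chains


def analyze(log_text):
    """Run both detections over a log and return the findings."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    lookalikes = [(e["host"], w) for e in events
                  if (w := lookalike_of(e["host"])) is not None]
    return {"lookalikes": lookalikes, "chains": redirect_chains(events)}


if __name__ == "__main__":
    for key, hits in analyze(SAMPLE_LOG).items():
        print(key)
        for hit in hits:
            print("  ", hit)
```

On the constructed log this flags `www.exmaple.com` and `dl.example-cdn.top` as lookalikes of `example.com` and reports one client following two redirects into a download of `Update.exe`, which is exactly the "fake software update" path the article describes. The edit-distance threshold is deliberately low (2); raising it produces more false positives on short domain names.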

Moving forward

What the emergence of BlackTDS into the cybercrime-as-a-service space shows is that malicious actors have made EKs relevant again through social engineering. Instead of relying on exploits buried in software code that can be patched, they are now “taking advantage of both existing underlying infrastructure and human fallibility.”

This means the pressure falls not only on IT staff to maintain and repair their organization’s hardware and software infrastructure. Every end user in the company with access to hardware and the network also needs to be trained to recognize and avoid these socially engineered pitfalls.