CaaS: A Growing Cyber Threat Trend in 2023

Crime as a Service (CaaS) is a cybercrime model that involves experienced hackers providing customized cyber attack services to individuals or groups that want to target a specific organization or company but lack the resources, skills, or time to do so. In other words, CaaS makes it possible for those with the intent to attack but not the skills to do so to easily launch attacks using a one-stop shop for attack services. For those providing attack services, creating and selling attack products and services can be a simple, quick, and repeatable way to generate ongoing revenue.


CaaS is a growing threat. It was considered one of the biggest cybersecurity issues of 2018, and with the rise of artificial intelligence, machine learning, and cloud computing, it has become an even more powerful tool or target for attackers to improve their attack methods.

CaaS attacks are typically targeted, with specific organization or company objectives. Their primary purpose is to steal data, damage systems, extort ransom, or carry out other malicious activities. Because the attackers launching the attacks are experienced, their attack behavior is highly stealthy and flexible, and they can customize the attack plan, timing, and method according to the needs and objectives of the payer. Additionally, CaaS attacks are highly scalable and replicable. The attackers providing the services have access to ready-made tools and techniques that allow them to launch large-scale attacks quickly.

CaaS has opened up a new Pandora's box of cybercrime threats. Common CaaS threats that are currently being seen internationally include malicious crawling, ransomware, distributed denial of service (DDoS), and phishing attacks.

Ransomware as a Service (RaaS): Both skilled and unskilled attackers can rent ransomware tools and launch attacks. This is one of the reasons ransomware attacks continue to increase.

Attack crowdsourcing: Attackers hold open competitions in the dark web to seek new attack techniques and methods, allowing more attackers to help them improve their research and development processes.

Phishing as a Service: Those who want to become phishing attackers can launch phishing attacks by purchasing a phishing toolkit. This includes the features and tools needed to launch an attack, such as email templates, deceptive website templates, and a clever list of potential targets.

Purchasing distributed denial of service (DDoS): Attackers can cause a target's website, app, or individual service to be unavailable or disrupted for a short period of time, resulting in significant revenue and reputational losses, for a relatively small fee (for example, in Europe, the price for such services ranges from 5 to 500 euros).

CaaS: CaaS Attacks Quietly Rising in China

CaaS threats are quietly emerging in China, starting with ticket scalping services and cheating software sales.

Tickets: Hackers Offer Proxy Ticket Service to the Public

In September 2023, Jay Chou's concert in Tianjin was sold out in less than 30 seconds, with more than 130,000 tickets snapped up. Many Internet users have complained about being unable to secure tickets, while "scalpers" have raised ticket prices to outrageous levels. Some tickets in the first three rows of the infield are said to be selling for 19,800 yuan. Some people even sold tickets for 150,000 yuan, which were originally priced at 2,000 yuan. 2023120703.png In the summer of 2023, museum tickets are popular. Free tickets, which cannot be obtained in official channels, are frequently reported to be obtained by increasing prices or bundling services. This happened at popular museums including the National Museum, Nanjing Museum, Hunan Provincial Museum and Shaanxi History Museum.

By the end of 2020, 53 degrees Feitian Moutai was placed on a large number of e-commerce platforms. At the same time, a large number of "Maotai snatch service" appeared on an online shopping platform, and consumers can buy Maotai liquor through the service for a few hundred yuan.

The so-called snatch service is the attack with the personal information of fans, tourists, consumers to grab tickets, buying behavior. For the same product or service, if A is 1 second faster than B, then A can successfully buy, and B can not buy.

Buyers register, log in, and snap up in batches through cheating tools to quickly, instantaneously, and in batches grab the specified goods or services. These cheating tools have the cracking function, can break through the e-commerce order agreement, bypass the picture verification code, automatically change the IP address, forge the device number and so on. Just fill in the account password, set the running time, you can complete the task of automatic buying.

Tools: Hackers Sell Cheating Tools to the Public

In January 2022, the Dingxiang Defense Cloud Business Security Intelligence Center monitored that the black and gray industry cracked the attendance systems of many insurance companies and also produced cheating tools. Through this tool, insurance company employees can not go to work and do not have to be on duty, and they can also realize "punching in at work", and easily receive full attendance awards.

Buyers purchase the "face spoofing attendance cheating tool" through e-commerce platforms and IM tools, and then log in to the official App of the insurance company. Upload your personal photos and enter your employee ID information. The cheating tool injects false data into the system to deceive the facial recognition and complete the attendance punching. 2023120702.jpg

Security: Using Technology to Protect Against CaaS Attacks

Dingxiang Cloud Security experts have analyzed that CaaS attacks have the following technical characteristics:

CaaS threats typically adopt a modular design, with a large number of attack components or services that can be freely combined as needed. For example, fake accounts and malicious crawlers can both be used as components of CaaS attacks. Massive fake accounts: Registration is a key process for creating an account. Attackers can use technology to automate account registration in batches, registering hundreds or even tens of thousands of accounts to achieve instant large-scale scalping. CaaS threats often use advanced encryption and evasion techniques to avoid detection and interception by security software or organizations. For example, they use second dial tools, jailbreak tools, and emulators to hide their real identities and locations. Quickly spoof IP location: IP addresses are the network information addresses that users use when they are online. Attackers can use second-dial IP tools to automatically call dynamic IP addresses all over the country or even abroad. These tools have functions such as automatic switching, line disconnection and re-dialing, automatic clearing of browser cookies cache, and virtual network card information, which can quickly and seamlessly switch IP addresses in different regions of China and abroad.

Quickly spoof GPS positioning: GPS positioning is the location information of the user when using network services. Attackers can use simulation software or third-party tools to change the latitude and longitude of their location. They can achieve instant "traversal" to any place.

Massively spoof device attributes: Device models, serial numbers, and IMEI numbers are unique. Attackers can use jailbreak tools to hijack device interfaces from the system level. When applications call these interfaces to obtain the parameters of each device, they will get the device attribute information forged by the jailbreak tool. Generally speaking, a jailbreak tool can complete 1,000 device attributes in 2-3 minutes.

CaaS threats often have a high degree of collaboration and sustainability, and can be used to achieve long-term network attack activities through remote control. For example, they use crowd control software to manipulate a large number of accounts to receive instructions, send data, and publish information. Use crowd control to manipulate accounts: Black and gray industries use crowd control to control dozens, hundreds, or even thousands of devices from one computer, for unified registration, login, scalping, and ordering. Crowd control also provides functions such as simulated positioning, shaking, batch importing of contact lists, and message push.

Dingxiang: A Security Solution to Prevent CaaS Attacks

Dingxiang defense cloud business security experts suggest that in addition to the complement of business rules and improve the need for more targeted change business security system, in order to effectively prevent CaaS risk attacks. Device and IP address risk monitoring: Access the IP risk database, match the risks of IP addresses associated with users, identify malicious behaviors such as proxy and second dial IP addresses, and block malicious IP addresses in a timely manner. At the same time, through the device fingerprint recognition technology, judge the legitimacy of the client device, identify whether there is any potential risk such as injection, hook, simulator, and quickly identify illegal behaviors such as machine modification, Root, and jailbreak. It can also further improve risk identification and interception capabilities by monitoring multiple activations of the same device, abnormal IP behavior associated with the device, and abnormal proportion of old device models in the same channel.

Risk account identification and interception: In the user verification process, analyze the verification environment information and token, and discover anomalies and risky operations in a timely manner. The user behavior analysis technology is used to conduct strategic account layout control, and the situation of switching a large number of accounts for order initiation on the same device is implemented to effectively identify and intercept risk accounts.

Data analysis and prediction: Establish a dynamic operation and maintenance mechanism for local lists. Based on registration data, login data, activation data and other information, precipitate and maintain corresponding blacklist and whitelist data, including the blacklist of user ID, mobile phone number, device and other dimensions. At the same time, combined with risk control strategy and business precipitation data, machine learning and data mining technology are used to conduct behavioral modeling, and registration, login, ordering, buying and other behaviors are analyzed and predicted. The output model results can directly support the risk control strategy.

By strengthening the monitoring of devices and IP addresses, identifying and intercepting risk accounts, as well as risk behavior changes based on data analysis and prediction, it can more accurately identify and respond to potential risk factors, and provide users with a safer and more reliable service environment. At the same time, the risk control strategy is updated and optimized in a timely manner to continuously meet the evolving risk situation and needs, and ensure the security of the business.


*shared library hardening,Safeguard sensitive app data,anti-reverse engineering,in-app security,hooking frameworks,Hardening apk,Financial fraud,App shielding,App repackaging and cloning,App Hardening,Android Hardening,Android app security,Android app hardening,Android App Bundle hardening,aab hardening,atbCAPTCHA,bot management,anti-bot Captcha,captcha,anti-bot solution,captcha security,fraud protection,Mobile Authentication,captcha *

Copyright © 2024 AISECURIUS, Inc. All rights reserved
Hi! We are glad to have you here! Before you start visiting our Site, please note that for the best user experience, we use Cookies. By continuing to browse our Site, you consent to the collection, use, and storage of cookies on your device for us and our partners. You can revoke your consent any time in your device browsing settings. Click “Cookies Policy” to check how you can control them through your device.