Known as Exploits-as-a-Service (EaaS), Trend Micro says that Robopak EaaS takes things that were once only 'script-kiddie-simple' and makes them 'marketing-guy-simple'.
Trend reports that Robopak uses obfuscated Javascript that has to be decrypted in two separate parts in order to work, which the company says is a pretty slick use of the code.
"More seriously, this shows how easy it is to take IaaS cloud technologies and use them to quickly roll out multi-tenant versions of just about any app you can think of. PaaS-like payment APIs help to make it easier to get paid too", says Trend in its latest cloud security blog.
The unnamed researcher goes on to say how s/he was impressed with how Robopak uses metrics similar to that seen on a marketing campaign to track effectiveness. It also, s/he notes, shows that you're getting your hacker-dollars’ worth.
"My personal machine is relatively locked down and I follow best practices like using SSH with a proxy, virtual machines, keeping my Trend Micro Titanium software up to date, and not falling for lame phishing attempts", s/he says.
"Even though I work at Trend Micro, I have no problem using software from whichever security vendor has the highest detection rate - which is why I choose to use our stuff", s/he adds.
The Trend researcher goes on to say that, if the industry does not move to track down cloud-based threats, we are going to see a significant reduction in people's willingness to conduct financial transactions online.
"In a world like that, the winners are large sites like Amazon.com and Best Buy, where people will assume their data is safe (despite the new breach), but the losers will be the tens of thousands of small businesses which make sales online every day", s/he concludes.