The Rise of Crimeware-as-a-Service
The cybercrime landscape has undergone a remarkable transformation, with the emergence of a new business model that has revolutionized the way malicious actors operate. Dubbed “crimeware-as-a-service,” this trend has effectively commoditized cybercrime infrastructure, lowering the barriers to entry for even novice cybercriminals.
In the past, launching a successful cyberattack required a high degree of technical expertise and resources. Threat actors had to invest significant time and effort into developing their own malware, exploits, and other tools. However, the advent of crimeware-as-a-service has changed the game entirely.
Just as businesses leverage the “as-a-service” model to access innovative tools and advanced capabilities without the need for extensive in-house development, cybercriminals have embraced a similar approach. They now have access to a thriving underground marketplace where they can rent or purchase a wide range of tools and services, including botnets for distributed denial-of-service (DDoS) attacks, malware for ransomware campaigns, and even phishing kits.
This trend has had a profound impact on the cybercrime landscape, as former Defense Criminal Investigative Service agent and cybersecurity professor Thomas S. Hyslip explains: “The cybercrime marketplace has evolved into a managed services industry because it’s more profitable and less risky to sell the tools to commit the crime than to actually perpetrate it.”
Ransomware-as-a-Service: The Poster Child of Crimeware-as-a-Service
One of the most prominent examples of crimeware-as-a-service is Ransomware-as-a-Service (RaaS). RaaS has significantly lowered the barriers for even novice cybercriminals to execute successful cyberattacks. In this model, the ransomware producer offers the RaaS software to “affiliates” who then deploy it to encrypt data or hold it hostage. Typically, the malware developer gets a percentage of the ransom paid by the victim organization.
The benefits of this arrangement are twofold: The malware creator can grow their revenues at lower risk, while the buyer can pursue profitable exploits with little to no technical skill or long-term investment. It’s estimated that as many as two-thirds of ransomware attacks are enabled by the RaaS model, and its use is increasing.
The commoditization of ransomware operations has had a profound impact on the cybersecurity landscape. As the UK’s National Cyber Security Centre (NCSC) explains, RaaS groups typically demand approximately 45% of the ransom, but this figure has been dropping rapidly due to the proliferation of groups in the market. This has pushed threat actors to commoditize their extortion and ransomware operations even further, leading them to target a larger number of smaller organizations to net the same profits as before.
The Evolving Threat Landscape: From Phishing Kits to AI-Enabled Crimeware
The commoditization of cybercrime infrastructure extends beyond ransomware. Phishing-as-a-service is also on the rise, with readily available phishing kits that can be deployed with minimal technical expertise. These kits come pre-packaged with the code and resources required to launch phishing attacks, making it easier than ever for bad actors to target unsuspecting victims.
Moreover, as the application of artificial intelligence (AI) for malicious purposes grows, the cybercrime-as-a-service ecosystem is adapting accordingly. Philipp Amann, head of strategy at Europol’s European Cybercrime Centre, warns that “we’ll have AI-for-crime-as-a-service too.” This could include the commoditization of deepfake technologies for creating convincing phishing attempts or the use of machine learning algorithms to bypass CAPTCHA and other security measures.
Defending Against the Commoditization of Cybercrime
The proliferation of crimeware-as-a-service has made it increasingly challenging for organizations to defend against cyberattacks. As the barrier to entry for cybercriminals continues to decline, the number of attacks is expected to surge, and the tactics used will become increasingly sophisticated.
To mitigate the risks posed by this trend, organizations must take a comprehensive approach to cybersecurity. This includes:
- Improving Cyber Hygiene: Implementing fundamental security practices, such as regular backups, network segmentation, and employee training, can help organizations strengthen their defenses against a wide range of threats.
- Enhancing Detection and Response Capabilities: Deploying advanced threat detection and response solutions, such as next-generation Security Information and Event Management (SIEM) platforms and Security Orchestration, Automation and Response (SOAR) tools, can enable organizations to quickly identify and respond to ransomware and other malware-based attacks.
- Leveraging Threat Intelligence: Incorporating threat intelligence into the existing security arsenal can help organizations stay ahead of the curve, anticipating emerging threats and proactively adapting their defenses.
- Prioritizing and Contextualizing Alerts: Developing a practice for prioritizing and contextualizing security alerts can help organizations efficiently investigate and respond to potential threats, reducing the risk of falling victim to successful attacks.
- Considering Managed Detection and Response (MDR) Solutions: For organizations with limited security resources, MDR services can provide an effective way to enhance their threat detection and response capabilities without the need for extensive in-house expertise.
As the cybercrime-as-a-service ecosystem continues to evolve, organizations must remain vigilant and proactive in their approach to cybersecurity. By leveraging the right combination of people, processes, and technology, they can better protect themselves from the growing threat of commoditized cybercrime.
Conclusion: Staying Ahead of the Curve
The rise of crimeware-as-a-service has fundamentally transformed the cybercrime landscape, making it easier than ever for even novice cybercriminals to launch sophisticated attacks. From ransomware to phishing and AI-enabled malware, the commoditization of cybercrime infrastructure has far-reaching implications for organizations of all sizes.
To stay ahead of this rapidly evolving threat, organizations must prioritize comprehensive cybersecurity strategies that go beyond traditional approaches. By embracing a multi-layered defense, incorporating the latest threat detection and response capabilities, and leveraging the expertise of managed security service providers, organizations can enhance their resilience and better protect themselves from the growing scourge of commoditized cybercrime.
In the ever-changing world of technology and cybersecurity, it’s crucial for IT professionals and organizations to remain vigilant and proactive in their approach to defending against the malicious actors who seek to exploit the commoditization of cybercrime infrastructure. By staying informed, adapting their strategies, and leveraging the right tools and resources, they can better safeguard their digital assets and maintain the trust of their customers and stakeholders.