Ransomware has emerged as the most pervasive Malware-as-a-Service (MaaS) during the past seven years, according to a new study from the Kaspersky Digital Footprint Intelligence team. Based on analysis of 97 malware families that were disseminated via the dark web and other sites, the study was undertaken. The researchers also discovered that hackers frequently rent infostealers, botnets, loaders, and backdoors to conduct their attacks.
An illegal business concept called malware-as-a-service (MaaS) involves renting out software to commit cyberattacks. Clients of these services are typically provided with a personal account via which they may manage the attack as well as technical support.
Ransomware the most widely used malware-as-a-Service
In order to determine the popular types, Kaspersky's experts assessed the sale quantities of different malware families as well as mentions, debates, posts, and search advertising on the darknet and other sites regarding MaaS. The dominant force turned out to be ransomware, or malicious software that encrypts data and demands payment to decrypt it. Of all the families supplied under the MaaS model between 2015 and 2022, it accounted for 58%. Ransomware's appeal can be ascribed to its capacity to produce greater earnings than other forms of malware in a shorter amount of time.
Ransomware-as-a-service (RaaS) allows cybercriminals to "subscribe" for nothing. They start paying for the service after the attack occurs after they are partners in the programme. A portion of the victim's ransom payment, usually between 10% and 40% of each transaction, determines the payout amount. Entering the programme, meanwhile, is not an easy undertaking because there are strict qualifications.
Infostealers made up 24% of malware families offered as a service throughout the analysed time frame. These are malicious software meant to steal information, including usernames, passwords, banking information, browsing history, data from cryptocurrency wallets, and more.
Subscription-based payment methods are used for infostealer services. The cost per month ranges from 100 to 300 dollars in the United States. For instance, Raccoon Stealer, which was cancelled in the first few days of February 2023, could be purchased for 275 dollars per month or 150 dollars per week. According to information provided on the Darknet by its operators, RedLine's rival charges 150 dollars a month and also offers the chance to buy a lifetime licence for 900 dollars.
Botnets, loaders, and backdoors were found to be present in 18% of malware families offered as services. Since many of these threats share the same objective—uploading and running further malware on the victim's device—they are grouped together as a single threat.
Prevention tips
Kaspersky experts advise the following to safeguard your business from such threats:
- To stop hackers from breaking into your network by taking advantage of vulnerabilities, keep the software updated on all the devices you use.
- Update your systems with fixes as soon as new vulnerabilities are discovered. Threat actors cannot exploit the vulnerability after it has been downloaded.
- To stay informed about the real TTPs employed by threat actors, use the most recent threat intelligence data.
- Investigate an adversary's perception of your company's resources with the aid of Kaspersky Digital Footprint Intelligence to quickly identify any potential attack vectors you may have. This also aids in spreading awareness of the threats that cybercriminals are currently posing so that you can timely alter your defences or implement countermeasures and elimination strategies.