The Rise of Cybercrime-as-a-Service Has Major Consequences for Businesses. Here’s Why 

May 12, 2022

What industry, if measured as a country, would have the world’s third-largest economy, after the U.S. and China? If you answered cybercrime, you’re right. Cybersecurity Ventures estimates that cybercrime raked in $6 trillion in 2021. The rise of cybercrime as an industry represents the most significant shift in economic wealth history. The damage inflicted is exponentially greater than the economic damage from natural disasters in a year and more profit-making than the global trade of all illegal drugs. The growing prominence of cybercrime as a service is a critical evolution in the cybercrime landscape. What began as a highly-skilled activity, driven by curiosity and research, has morphed into a shadow economy that attracts motivated young individuals looking for quick and easy money without resorting to traditional criminal activity. 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Cybercrime-as-a-Service is a Smart Business Move 

Savvy bad actors understand the business value in Cybercrime-as-a-Service (CaaS) on the dark web. Just like any other business, hiring specialists and service providers makes good business sense. It is more profitable, faster, easier and a more efficient way to get work done. It’s also less risky for the developers of cybercrime tools like malware or phishing kits. Cybercrime specialists typically sell their services on dark web message boards, Discord servers and Telegram channels, and they’re generally paid in cryptocurrency. Major players in the cybercrime world, from nation-state threat actors to the biggest ransomware outfits are also major players in the cybercrime-as-a-service economy. They’re more than happy to do things like buy software, hire gig workers or contract with affiliates to complete their objectives.  

Most of the requests made on hacker forums are about hacking websites, selling sensitive data, obtaining stolen credentials or gaining access to a corporate resource. Highly skilled specialist cybercriminals advertise themselves on hacker forums showcasing their repertoire of skills. Researchers have determined that 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking services, while 69% of posts were looking for website hacking and 21% looking for bad actors who could obtain specifically targeted user or client databases. You don’t have to be a skilled cybercriminal to make money on the dark web as part of the Cybercrime-as-a-Service economy either. There’s a brisk trade in credentials. A malicious insider can easily sell their access to interested cybercriminals. An average legitimate corporate network credential sells for around $3,000., and legitimate privileged user credentials can go for as much as $120,000.    

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

Malware-as-a-Service, Ransomware-as-a-Service and Phishing-as-a-Service Have Joined the Chat 

While many assume highly skilled programmers are behind ransomware or other malware, many cybercrime groups don’t write their own code; they might not even have personnel on board who know how to write it. Instead, these days malware is commonly packed as plug-and-play software complete with a user manual. An estimated 300,000 thousand new pieces of malware are created daily. Malware as a service (MaaS) and it’s offshoot Ransomware-as-a-Service(RaaS) is a business model that offers the usage of ‘pay-and-use’ malware for conducting cybercrime. Think of it as adopting the ‘software as a service’ revenue model. Malware authors develop and maintain software for customers/buyers, just like any other software company.  

But unlike legitimate companies, they offer access to malicious software. The threat actor that purchases or obtains the malware that MaaS practitioners make can then use it to conduct profitable cyberattacks. Distributing that malware through phishing can also be subbed out or even contracted through a subscription service courtesy of a Phishing-as-a-Service specialist. According to Microsoft researchers, a PhaaS group’s subscription prices vary dependent on a host of factors, but in general, the service can cost about $800 per month. Many of these operators offer what amounts to a one-stop shop for phishing. featuring everything from DIY kits to full-service contracting. 

This model offers a few advantages for bad actors. Unlike other forms of cyberattack, which come with inherent risk, the MaaS business model enables the hackers to scale their earnings from selling the software on the dark web and hopefully avoid dealing with the heat that big cybercrime operations face from the authorities.  Ransomware is another form of malware ‘as a service model’ that has grown into a significant industry in the criminal underworld, worth billions of dollars a year. 

See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>

How to Reduce Your Risk of Trouble from Ransomware-as-a-Service and other Malware-as-a-Service

Cybercrime as a service will most certainly increase in the coming future. If that stays on pace, Cybersecurity Ventures predicts that we’ll see a 15% increase in revenue for cybercrime in the next three years, resulting in a whopping $10.5 trillion by 2025. Therefore, businesses must invest in strong, resilient defensive tools and smart protective measures to protect themselves from trouble. Smart measures to take include security awareness training coupled with robust security policies, anti-phishing solutions and technical controls like adding multifactor authentication. Investing in backup is also essential.  

Resisting Ransomware Starts with Confronting Phishing 

By far, phishing is the most common way ransomware gets going in an organization’s environment, and employees are all too likely to fall prey to phishing tricks. An estimated 60% of employees have opened emails that they were not sure of. Even more worrisome, one in three employees are likely to click on a malicious link and one in eight are likely to share the requested information by bad actors. A lack of cyber security awareness from employees in an evolving cybercrime landscape can lead to a catastrophic outcome. Phishing attacks have become the most rampant form of cyber threat that organizations have faced in recent years. The new world of remote work and cloud-based operations has exposed a plethora of opportunities for hackers to bomb employee inboxes with dangerous messages. It is clear that the first step toward protecting an organization from ransomware is combating phishing. 

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Catch ‘em All with Graphus 

In today’s evolving cybercrime landscape, sophisticated phishing attacks can slip through traditional security systems. But Graphus catches almost all malicious messages. It’s a formidable email security solution at an affordable price. 

  • Provides triple layer protection that keeps phishing attempts at bay. 
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm. 
  • Does not rely on safe sender lists, Graphus does its analysis of the threat. 
  • No delay in incoming and outgoing communication. 
  • Uses more than 50 data points to analyze phishing attempts before sending them to the employees’ inboxes. 

Fight phishing attempts with Graphus. Contact one of our solution specialists today and book a demo. 

Book a demo now! 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus