Malware-as-a-Service: A Growing Business Model for Cybercriminals, According to Darktrace Report

A report released by Darktrace on digital threats for the first half of 2024 reveals that malware-as-a-service (MaaS) has become a significant component of many prevalent cyber threats. This trend is driven by the lucrative subscription model and the low entry barriers of MaaS tools, which allow even less experienced attackers to execute sophisticated attacks.

According to the report, MaaS platforms offer ready-to-use malware that simplifies the process for attackers, making advanced cybercrime accessible regardless of technical expertise. Darktrace predicts that MaaS will continue to be a major factor in the threat landscape due to its adaptability and ability to evade traditional security measures by frequently altering tactics and techniques.

Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, notes that as demand for powerful attack tools grows, the sophistication of MaaS offerings is expected to increase. This presents ongoing challenges for cybersecurity professionals, who must evolve their defense strategies to counteract advanced threats such as adaptive phishing schemes and polymorphic malware.

Persistence of Legacy Malware

The report also highlights that many MaaS tools, including Amadey and Raspberry Robin, continue to use older malware strains effectively. This persistence suggests that many organizations still have significant security gaps. Frank Downs, Senior Director of Proactive Services at BlueVoyant, points out that outdated systems and unpatched software often contribute to these vulnerabilities.

Roger Grimes, Defense Evangelist at KnowBe4, emphasizes that no anti-malware solution is fully effective on its own. Organizations need a multi-layered approach to security to detect and defend against threats effectively.

Rise of Double Extortion in Ransomware

The report reveals that double extortion tactics are increasingly common among ransomware operators. This method involves encrypting a victim’s data and exfiltrating sensitive files with threats of public release if the ransom is not paid. Grimes notes that while the proportion of victims paying ransoms has decreased, those who do pay often face higher demands to protect their stolen data from being misused.

Matthew Corwin, Managing Director at Guidepost Solutions, underscores the importance of implementing robust data loss prevention measures to protect against such attacks.

Exploitation of Edge Devices

Darktrace also found that attackers are exploiting vulnerabilities in edge infrastructure devices such as Ivanti Connect Secure and Palo Alto Networks PAN-OS. Compromising these devices can provide attackers with valuable access to network data and facilitate further malicious activities.

Morgan Wright, Chief Security Advisor at SentinelOne, and KnowBe4’s Grimes both highlight the frequent neglect of patching edge devices, which are often less maintained than servers and workstations. This oversight makes them attractive targets for attackers.

Challenges with DMARC Verification

The report finds that a significant share of emails (62%) were able to bypass DMARC verification checks. DMARC is designed to confirm that a message really comes from the domain in its From header, but it offers no protection against look-alike domains: an attacker who registers a domain that closely mimics a well-known brand can publish valid SPF, DKIM and DMARC records for that domain and pass the check.
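The gap described above is easiest to see in code. The following is an added example, not part of the Darktrace report or of this article: a small DMARC alignment evaluator (simplified from RFC 7489; the organizational-domain logic is a two-label approximation rather than a public-suffix lookup) beside a look-alike-domain check that a receiving mail system could run as a second layer. The domain names, DMARC records and homoglyph table are constructed for the demonstration.

```python
# Added example: why a DMARC "pass" alone does not prove a sender is who they look like.
# Simplifications (assumptions): org domain = last two labels; no public-suffix list;
# SPF/DKIM results are supplied by the caller rather than computed from DNS.

# Homoglyph substitutions an attacker commonly uses in look-alike domains (constructed table).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def organizational_domain(domain: str) -> str:
    """Crude organizational domain: the last two labels (assumption, no PSL lookup)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def parse_dmarc_record(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; adkim=s' into {'v': 'DMARC1', 'p': 'reject', 'adkim': 's'}."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(header_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if mode == "s":
        return header_domain.lower() == auth_domain.lower()
    return organizational_domain(header_domain) == organizational_domain(auth_domain)


def dmarc_evaluate(from_domain, dmarc_txt, spf_domain=None, spf_pass=False,
                   dkim_domain=None, dkim_pass=False):
    """Return (result, policy). DMARC passes if SPF or DKIM passed AND aligns with the From domain."""
    tags = parse_dmarc_record(dmarc_txt)
    spf_ok = spf_pass and spf_domain is not None and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and dkim_domain is not None and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return ("pass" if (spf_ok or dkim_ok) else "fail"), tags.get("p", "none")


def normalize_label(label: str) -> str:
    """Fold common homoglyph sequences so 'examp1e' and 'example' compare equal."""
    for glyph, plain in HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(from_domain: str, protected_brands, max_distance: int = 1):
    """Return the protected brand domain this sender imitates, or None if it is not a look-alike."""
    org = organizational_domain(from_domain)
    label = org.split(".")[0]
    for brand in protected_brands:
        brand_org = organizational_domain(brand)
        if org == brand_org:
            return None  # the genuine domain, not an imitation
        brand_label = brand_org.split(".")[0]
        if normalize_label(label) == normalize_label(brand_label) or levenshtein(label, brand_label) <= max_distance:
            return brand_org
    return None


def triage(from_domain, dmarc_txt, protected_brands, **auth):
    """Combine both checks: a DMARC pass from a look-alike domain is still suspicious."""
    result, policy = dmarc_evaluate(from_domain, dmarc_txt, **auth)
    if result == "fail":
        return "dmarc-fail-" + policy
    if lookalike_of(from_domain, protected_brands):
        return "suspicious-lookalike"
    return "ok"


if __name__ == "__main__":
    brands = ["example.com"]
    # Genuine mail: relaxed SPF alignment from a subdomain passes.
    print(triage("example.com", "v=DMARC1; p=reject", brands,
                 spf_domain="mail.example.com", spf_pass=True))
    # Look-alike domain with its own valid DKIM: DMARC passes, look-alike check catches it.
    print(triage("examp1e.com", "v=DMARC1; p=none", brands,
                 dkim_domain="examp1e.com", dkim_pass=True))
```

The point of the `triage` function is the order of the checks: DMARC answers "is this sender authorized for the domain it claims?", and a look-alike domain is honestly authorized for itself, so the brand-imitation check has to run even when DMARC reports a pass.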

Stephen Kowski, Field CTO at SlashNext, recommends adopting advanced AI-driven anomaly detection and behavioral analysis to enhance email security and address sophisticated phishing attacks that bypass traditional defenses.

Dror Liwer, Co-Founder of Coro, attributes many of these issues to security teams being overwhelmed by numerous disparate tools, which can lead to missed critical alerts. He suggests a more streamlined approach to security management.

In conclusion, Roger Wright questions whether the current investment in cybersecurity is effectively addressing the evolving threat landscape or if resources are being misallocated.

By editor1
