Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals

The sophistication of cyber threats has escalated dramatically, with malicious actors deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace.

Subscription-based tools such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have also lowered the barrier-to-entry for less experienced attackers, making it easier to carry out complex, multistage attacks.

“The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have observed the emergence of new malware families, many attacks are carried out by the usual suspects that we have seen over the last few years, still utilizing familiar techniques and malware variants.

“The persistence of MaaS/RaaS service models alongside the emergence of newer threats like Qilin ransomware underscores the continued need for adaptive, machine learning-powered security measures that can keep pace with a rapidly evolving threat landscape.”

MaaS continues to pose significant risk for organizations

The findings show that cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. Cybercrime-as-a-Service groups, such as LockBit and Black Basta, provide attackers with everything from pre-made malware to templates for phishing emails, lowering the barrier to entry for cybercriminals with limited technical knowledge.

It is anticipated that MaaS will remain a prevalent part of the threat landscape for the foreseeable future. This persistence highlights the adaptive nature of MaaS strains, which are capable of changing their TTPs from one campaign to the next and bypassing traditional security tools. Therefore, it is crucial for organizations to leverage AI-driven security measures that can detect anomalous activity in real time, without relying on prior knowledge of specific tactics, and counter sophisticated and evolving MaaS threats.

The most common threats observed from January to June 2024 were:

  • Information-stealing malware (29% of early triaged investigations)

  • Trojans (15% of investigated threats)

  • Remote Access Trojans (RATs) (12% of investigated threats)

  • Botnets (6% of investigated threats)

  • Loaders (6% of investigated threats)

The report also reveals the emergence of new threats alongside persistent ones. Notable among them is the rise of Qilin ransomware, which employs refined tactics such as rebooting infected machines in safe mode to bypass security tools, making it more difficult for human security teams to react quickly.
