The Rise and Growth of Malware-as-a-Service


A deep dive into the minds of the hackers and their new and profitable business model.

Imagine you’re part of a group of hackers, and you spend hours upon hours coding the perfect malware package. Then, you and your team successfully hit a few companies with ransomware. Of course, once you collect your ransom, other groups would get their hands on your hard work and try to replicate your success — but your work is done.

But imagine if you could offer your hard work as a service to those other groups for a fee? You’ve now tipped into the world of malware-as-a-service (MaaS).

To understand the present malware crisis, we must get into the minds of the hackers who do the hard work of creating the tools of their trade. The first part of that journey is to recognize that malware is software and software is business. Some of it is brilliant, albeit misguided. And hack-as-a-service? Well, that’s just next-level genius.

The Proof is in the Numbers

As many of us have only just begun our education in cybersecurity, people are still reasonably astonished that hackers came up with a business model to support their “industry.” Why be surprised? After all, this is the same community that figured out how to hack our networks and devices and generate a global security crisis. And proof of their effectiveness is in the numbers.

Four months ago, SonicWall released its widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report with alarming news of the sharp rise in ransomware and other malicious attacks. Unfortunately, news from the third quarter was not much better: ransomware’s rise has not slowed.

Image that explains the rise of ransomware in Europe and North America

This year was already proving to be the most active year for ransomware on record. According to the latest data, activity continues to climb with no sign of slowing down. After posting a groundbreaking 188.9 million ransomware attacks in the second quarter, attacks continued and broke another record of 190.4 million in the third quarter. The total 495.1 million attacks represent a 148% increase over 2020, making 2021 the most costly and dangerous year on record.

MaaS Is a Demonstrative Business Model

Many corporate software products — Microsoft 365, Google Workspace, Salesforce, to name a few — are available to consumers as a service; thus, software-as-a-service (SaaS). The business model puts creators on the development and maintenance side of the equation for customizable applications that manage all sorts of tasks.

The arrangement is a big help to organizations that do not have the software skills or willingness to develop their own applications. Similarly, hacker groups with expertise can offer their malware-as-a-service (MaaS) to people who want to make money from hacking, which leads us to “ransomware-as-a-service.” Both labels are apt descriptions of the activities undertaken by well-known hacker gangs such as Circus Spider, Conti, DarkSide and REvil.

There are dozens of other groups that have franchised their skills to other gangs that have complementary expertise and capabilities in such areas as phishing, social engineering, encryption tools, server power, ransom collection — and they do it all under agreements to share revenues generated from their joint activities.

The fact we can call it a business model at all spells out how lethal the situation has become. With the ransomware crisis still raging on, wannabe attackers of all skill levels can now rise as major global cyberthreat gangs. Anyone with a grudge and enough time on their hands can chase after government agencies, major enterprise networks – and even smaller players like the average home office user.

MaaS As a Turnkey Threat Asset

In effect, MaaS is a turnkey threat. And within SonicWall’s latest threat data is another sign of what that could mean: a 73% increase in unique malware variants.

SonicWall used its patented RTDMI™ (Real-Time Deep Memory Inspection) technology embedded in its cloud-based Capture Advanced Threat Protection (ATP) sandbox service to uncover 307,516 never-before-seen malware variants during the first three quarters of 2021. This unsettling discovery means that cybercriminals are releasing an average of 1,126 new malware versions per day.

The rise in variants, coupled with the increase in activity, shows that the “hacker industry” has learned how to rapidly diversify the software they use to attack networks and computers. The result is that businesses, governments and individuals will find it increasingly difficult to protect themselves. Clearly, the combination of security weaknesses demonstrated by previous attacks and the rise of MaaS/RaaS has created a whole new threat level.

Learning the New Threat Landscape

Considering how quickly the threat landscape has grown this year, network operators of all sizes are in a race against time to get ahead of the crisis with better cybersecurity. Therefore, effective vulnerability management is the essential core of everyone’s mission.

Here’s your invitation to find out what thought leaders in cybersecurity know about this emerging threat. Explore how cybercriminals are leveraging the software-as-a-service business model to establish a rapidly growing ‘hacker economy.’ This webcast will include insights on new trends, define the MaaS/RaaS business model, and explain what you can do to protect your business.

Presented by Simon Wikberg, SonicWall Cybersecurity Expert, the webcast will also dive into deep business data behind MaaS and known examples that have been uncovered.

SonicWall Staff