Cybercrime-as-a-Service, Ransomware Still on the Rise

Today, cybercrime-as-a-service is a lucrative and growing business model among criminals. Ransomware is still a massive threat to organizations. Demand for stolen credentials continues to grow. These are among the findings of the Sophos’ 2023 Threat Report, which details how the cyberthreat landscape has changed due to an easier barrier of entry for criminal hopefuls.

Threat researchers with Sophos say the expansion is due to the commoditization of “malware-as-a-service” and the sale of stolen credentials and other sensitive data. Today, nearly every aspect of the cybercrime toolkit — from initial infection to ways to avoid detection — is available for purchase on the dark web, say researchers. This thriving business selling what once would have been considered “advanced persistent threat” tools and tactics means any would-be criminal can buy their way into exploitation for profit.

“This isn’t just the usual fare, such as malware, scamming, and phishing kits for sale,” said Sean Gallagher, principal threat researcher at Sophos. “Higher rung cybercriminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors.”

As in previous years, one of the more popular as-a-service malware kits is ransomware – which has exploded in popularity among threat actors. Tool kits are now easy to obtain and prove to be highly profitable for criminals. The report also finds ransomware operators are broadening their attack targets to include platforms beyond Windows and are using programming languages like Rust and Go to evade detection. Some groups, such as Lockbit 3.0, are even diversifying their operations and using more sophisticated methods to extort victims.

The growth of ransomware and as-a-service malware has also led to an increased demand for credential theft. Credential theft is still a common method for novice criminals to gain access to underground marketplaces and start their criminal activities. As black market web services have grown, various types of credentials, particularly cookies, can be exploited in a variety of ways to gain greater access to networks, even bypassing multi-factor authentication (MFA).

Look to Managed Detection and Response (MDR) for Defense

As the criminal community widens due to the continuous lowering of barriers to entry for would-be cybercriminals and the commodification of hacking tools, it is critical for organizations to have the tools and strategies in place to detect and neutralize attacks. This becomes a more difficult struggle the longer action is delayed, as bad actors continue to find more intelligent exploit tactics, seeming to always stay a step ahead of IT leaders.

Many IT leaders are turning to Managed Detection and Response (MDR) services to mitigate this struggle. Highly trained MDR defenders can discover and intercept attacks early before targets become the victim of a data breach, ransomware or other compromise, and should be a key component in an organization’s threat defense arsenal.

MDR services offer round-the-clock threat hunting and broaden visibility for better, faster detection and response in an increasingly challenging threat landscape.

For more information on Sophos’ MDR solutions, visit https://www.sophos.com/en-us/products/managed-detection-and-response.