Understanding Malware as a Service


History of Cyber Crime

Cybercriminals are increasingly embracing a service-based economy.  In the past, a cybercriminal had to be a skilled hacker, able to carry out every aspect of a cyberattack on their own.

Now, cybercriminals will sell and lease their services and tools to one another on the black market.  This means that a cybercriminal could specialize in one area and buy any other services that they require or even have no hacking skills at all and buy everything from skilled hackers.

What is Malware as a Service?

Malware as a Service (MaaS) is an example of one of the services provided as part of the cybercriminal service economy.  Malware as a Service enables anyone to perform a large-scale malware attack with little or no technical knowledge or expertise required.

With Malware as a Service, the customer leases access to a botnet, a set of computers that have been compromised via malware or credential stuffing attacks and forced to do the attacker’s bidding.  This leased botnet is configured to scan the Internet for computers that are vulnerable to exploitation using known vulnerabilities.

After the botnet has identified a vulnerable machine, it exploits the identified vulnerability and uses its access to automatically deliver and install malware on the machine.  Once the malware has been installed, the operator of the botnet gets the intended benefit of the malware, whether stealing sensitive data, installing ransomware, or other attacks.

Implications of Malware as a Service

Malware as a Service is a different type of threat than what most people picture when they think of a cyberattack.  Instead of the highly-skilled hacker attempting to break past an organization’s defenses and achieve a particular objective, an automated program running on many compromised machines is searching for computers with a known vulnerability and exploiting them to deliver malware.

This difference in how cyberattacks are performed has a number of different implications. Malware as a Service drives an increase in malware attacks, faster exploitation of targets, and a wider range of potential victims of attacks.

Increase in Malware Attacks

One of the major impacts of Malware as a Service is an increase in the number of malware attacks.  With Malware as a Service, the entire process from identifying potential targets to exploitation to delivering malware is completely automated.

The use of automation makes it possible to identify and exploit a much greater number of targets than was possible before.  Performing an attack requires no technical knowledge, meaning that many attackers could operate in parallel and the scale of their attacks is limited mainly by the size and availability of botnets.

Faster Exploitation

Malware as a Service uses automation for the majority of the exploitation process.  From identifying a potential target to delivering the malware, there is no human involved in the process.

This makes it much more difficult for an organization to respond effectively to an ongoing attack.  The earlier that a defender can respond to an attack, the less damage and cost incurred by the organization.  With a fully automated attack, there is little opportunity for a defender to detect and respond to an attack before the attacker has achieved their intended objective, such as stealing sensitive data or encrypting the computer with ransomware.

Larger Range of Attack Victims

A common belief among companies is that they are too small to draw the attention of a cybercriminal or that they don’t have anything worth stealing.  With Malware as a Service, this argument no longer applies.

Malware attacks are completely automated using a Malware as a Service botnet.  Bots within the botnet will scan the Internet for computers that are vulnerable to exploitation.  This means that the computers that are most likely to be exploited by a Malware as a Service botnet are the ones that contain vulnerabilities that an attacker could exploit.

This means that, most likely, small businesses will be the most common targets of a Malware as a Service botnet.  Larger enterprises often have the resources and security expertise needed to operate an effective patch management program, meaning that their computers are less likely to be exploitable using the known vulnerabilities that the botnet is targeting.  Smaller businesses, on the other hand, lack these resources and are more likely to be running unpatched – and vulnerable – computers.  A great first step is determining responsibilities within your organization and determining the level of access they will need versus providing everyone with complete access.  Check out our Separation of Duties Matrix.

Protecting Your Organization Against the Malware Threat

Malware as a Service poses a significant threat to corporate cybersecurity.  The use of a large botnet to automatically deliver malware increases the probability that any exploitable vulnerabilities within an organization’s systems will be taken advantage of by cybercriminals.  Protecting against the threat of Malware as a Service requires strong patch management processes and antivirus installed on all of the organization’s computers.

Patch Management

Malware as a Service botnets take advantage of vulnerable computers connected to the Internet.  They scan for computers that are connected to the Internet that contain unpatched vulnerabilities.

One of the most effective methods for protecting against Malware as a Service is to ensure that an organization’s computers do not contain exploitable vulnerabilities.  Having good patch management processes in place minimizes the window during which an attacker could exploit those vulnerabilities to attack the organization.
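
As an added example (not part of the original article), the sketch below measures that window: for each host it finds packages still below a fixed version, counts the days since the fix was released, and lists Internet-facing hosts first.  The host names, package names, versions, dates and advisory IDs are constructed placeholders, and the dotted numeric version format is an assumption.

```python
from datetime import date

# Constructed sample data: advisory IDs are placeholders, hosts and packages hypothetical.
ADVISORIES = [
    {"id": "ADVISORY-A", "package": "webserver", "fixed_in": (2, 4, 58),
     "fix_released": date(2024, 3, 1)},
    {"id": "ADVISORY-B", "package": "vpn-gateway", "fixed_in": (9, 1, 3),
     "fix_released": date(2024, 5, 10)},
]
INVENTORY = [
    {"host": "intranet-wiki", "internet_facing": False, "packages": {"webserver": "2.4.49"}},
    {"host": "vpn-01", "internet_facing": True, "packages": {"vpn-gateway": "9.1.2"}},
    {"host": "shop-web-01", "internet_facing": True, "packages": {"webserver": "2.4.51"}},
    {"host": "mail-01", "internet_facing": True, "packages": {"webserver": "2.4.58"}},
]

def parse_version(text):
    """Turn '2.4.51' into (2, 4, 51) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def exposure_report(inventory, advisories, today):
    """List every host/advisory pair where the installed version predates the fix."""
    findings = []
    for host in inventory:
        for adv in advisories:
            installed = host["packages"].get(adv["package"])
            if installed is None or parse_version(installed) >= adv["fixed_in"]:
                continue  # package absent or already patched
            findings.append({
                "host": host["host"],
                "advisory": adv["id"],
                "internet_facing": host["internet_facing"],
                "days_exposed": (today - adv["fix_released"]).days,
            })
    # Internet-facing hosts are what automated scanners reach, so they sort
    # first; within each group the longest-open window comes first.
    findings.sort(key=lambda f: (not f["internet_facing"], -f["days_exposed"]))
    return findings

def overdue(findings, sla_days):
    """Internet-facing findings that have been open longer than the patch SLA."""
    return [f for f in findings if f["internet_facing"] and f["days_exposed"] > sla_days]

if __name__ == "__main__":
    report = exposure_report(INVENTORY, ADVISORIES, date(2024, 6, 1))
    for finding in report:
        print(finding)
    print("Past 30-day SLA:", [f["host"] for f in overdue(report, 30)])
```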

Use Strong Antivirus

Malware as a Service botnets are designed to deliver malware to an unpatched, vulnerable computer.  Even if an organization is vulnerable to the initial exploit that delivers the malware, it can still protect itself from the effects of the attack.

Organizations should have a strong antivirus installed on all of their computers and ensure that the antivirus scans and updates regularly.  An antivirus could detect and block the malware delivered by the Malware as a Service botnet, minimizing the impact of the attack.

Managing Malware as a Service

Malware as a Service poses a threat to all organizations.  Unlike the highly-targeted cyberattacks designed to steal sensitive data or money from large organizations, Malware as a Service attacks can target any organization.  The use of automated scanning to identify vulnerable machines and deliver malware means that the organizations that are the most vulnerable to these attacks are the ones with the worst cybersecurity practices.

Implementing strong cybersecurity is essential to protecting against the evolving cyber threat landscape, where the cybercriminal service economy means that attacks are more common and can be performed by less skilled individuals.  If developing a cyber program is new for your organization, our Totem Top 5 is a perfect place to start.  At a minimum, implementing strong patch management and deploying an effective antivirus are essential to protecting against the threat of Malware as a Service botnets.
