
Hackers are thriving on Malware as a Service: Report


Internet criminals know what service means. A global AI cybersecurity company released a report Tuesday about digital threats in the first half of 2024. The report found that the majority of threats used malware-as-a-service (MaaS) tools.

The report is by Darktrace. Based on data analysis across all of the company’s customer deployments, the company concluded that MaaS’s growing popularity is due to its lucrative subscription-based revenue, low entry barrier, and high demand.

Report: MaaS allows even novice attackers to launch potentially disruptive attacks.

The report predicts that MaaS is likely to remain a prominent part of the threat environment for the foreseeable future. This persistence highlights the adaptive nature of MaaS strains. These strains can change their tactics, techniques and procedures (TTPs), and bypass conventional security tools, from one campaign to another.

Callie Guenther is a senior manager of cyber threat research at Critical Start, a leading national cybersecurity company.

She told TechNewsWorld that these MaaS services will introduce new and adaptable attack vectors such as polymorphic malware and advanced phishing scams. These attacks are constantly evolving to avoid detection. The rise of malware as a service represents a transformational challenge in the world of cybersecurity. Cybercrime has been democratized and the threat range has increased.

Legacy malware thrives in modern attacks

Darktrace reported that MaaS-related tools like Amadey and Raspberry Robin had been using malware families from years past. This indicates that, while MaaS strains adapt their TTPs to suit a new campaign, some strains are unchanged and continue to be successful. It also said that some security teams are still failing to defend their environments.

Frank Downs is senior director of proactive services at BlueVoyant, a New York City-based enterprise cybersecurity firm.

He told TechNewsWorld that this could be because of outdated systems, unpatched programs, or the lack of comprehensive security. The persistence of older threats indicates that some organizations are not investing enough in cybersecurity defenses, or failing to follow the best practices for system updates and maintenance.

Roger Grimes, a defense evangelist for KnowBe4, a security awareness training provider in Clearwater, Florida, added that most anti-malware software isn’t as good as its vendors claim.

He told TechNewsWorld that organizations need to be aware they can’t rely on anti-malware alone to detect and remove threats. They need to take action and defend themselves accordingly. “Anti-malware alone won’t save most organizations,” he said. “All organizations need multiple defenses at multiple layers in order to detect and defend.”

Double Dipping Digital Desperadoes

A second finding was that “double extortion” is becoming more common among ransomware operators. Double extortion involves malicious actors not only encrypting their target’s files but also stealing sensitive data and threatening to publish it if the ransom is not paid.

“Double extortion began in November 2019, and within a few short years, this strategy reached levels of over 90% for all ransomware,” Grimes stated.

“It’s popular because, even if victims have a very good backup, they aren’t negating all the risks,” he added.

“The number of victims paying ransom has decreased significantly over the years, but those paying pay much more and many times in order to keep the stolen confidential information from being leaked or used by a subsequent attack by the attacker,” he stated.

Matthew Corwin, managing director of Guidepost Solutions, said the double extortion threat makes data loss prevention (DLP) programs even more important for organizations. He told TechNewsWorld that DLP implementation for endpoints and cloud assets should include data classification, policy enforcement, and real-time quarantining and alerting.

Attacking the Edge

Darktrace reported that during the first half of the year, malicious actors were still executing mass exploitation of vulnerabilities in edge devices such as Ivanti Connect Secure, JetBrains TeamCity, and Palo Alto Networks PAN-OS.

The report explained that initial compromises can be used by malicious actors as a springboard to carry out further activities such as tooling and network reconnaissance.

Downs explained that by compromising the edge devices, attackers could gain a strategic foothold within the network. They would be able to monitor and intercept traffic as it passed through these points.

He continued: “This means a carefully exploited device on the edge can give attackers access to sensitive corporate data without having to compromise multiple systems within the company. This makes the attack more effective, but it also increases its potential impact because edge devices handle significant data flow to and from networks.”

Morgan Wright, chief security advisor for SentinelOne, an endpoint protection company in Mountain View, California, added: “Many organisations are probably behind in patching devices that are vulnerable, such as firewalls, VPNs or email gateways.”

He told TechNewsWorld that “it doesn’t help” when there are many critical vulnerabilities. “For attackers, this is the digital equivalent of shooting fish in a barrel.”

Grimes from KnowBe4 agreed that the maintenance of edge infrastructure is often lacking. He said that edge devices have been among the least patched devices and software for many years. Most IT shops focus their patching efforts on workstations and servers. Edge devices are more vulnerable to attack and can be exploited because they have less chance of being patched. They also contain admin credentials.

DMARC End Run

After analyzing 17.8 million emails, Darktrace’s researchers found that 62% of them could bypass DMARC checks.

DMARC’s purpose is to verify whether an email is coming from the domain it claims to come from. However, it does have limitations. Scammers may register domains that look similar to well-known brands and configure DMARC for those lookalike domains. “As long as they can get the fake-looking domain past the victims, their email will pass through the DMARC check,” Grimes explained.
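To make the limitation concrete from a defender's side, the following added example (not from the Darktrace report or the article) models a simplified DMARC evaluation and then runs a lookalike-domain check that DMARC itself does not perform. The DMARC records, the protected brand list and the three messages are constructed for illustration; `examplebank.com` and `examp1ebank.com` are placeholder domains, and the organizational-domain logic is a deliberate simplification of the real public-suffix rules.

```python
"""Simplified DMARC alignment check plus a lookalike-domain detector.

Added example, not the report's or the article's code. A message passes DMARC
here when SPF or DKIM authenticated a domain that aligns with the RFC5322.From
domain under the From domain's own published policy. A lookalike domain with
its own DMARC record therefore passes; the second check is what catches it.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for DNS: each domain's published DMARC record.
DMARC_RECORDS = {
    "examplebank.com": "v=DMARC1; p=reject; adkim=s; aspf=s",
    "examp1ebank.com": "v=DMARC1; p=none",   # attacker-registered lookalike (constructed)
}

# Constructed list of brand domains the organization wants to protect.
PROTECTED = ["examplebank.com"]


@dataclass
class AuthResult:
    from_domain: str                 # domain in the RFC5322.From header
    spf_domain: Optional[str]        # MAIL FROM domain if SPF passed, else None
    dkim_domain: Optional[str]       # d= of a passing DKIM signature, else None


def parse_dmarc(record: str) -> dict:
    """Turn 'v=DMARC1; p=reject; aspf=s' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    # Simplification: treat the last two labels as the organizational domain.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_pass(msg: AuthResult) -> bool:
    record = DMARC_RECORDS.get(org_domain(msg.from_domain))
    if record is None:
        return False          # no policy published for the From domain
    tags = parse_dmarc(record)
    spf_ok = aligned(msg.spf_domain, msg.from_domain, tags.get("aspf", "r"))
    dkim_ok = aligned(msg.dkim_domain, msg.from_domain, tags.get("adkim", "r"))
    return spf_ok or dkim_ok


# Common digit-for-letter substitutions seen in lookalike registrations.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize(domain: str) -> str:
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(from_domain: str, protected=PROTECTED, max_distance: int = 1) -> Optional[str]:
    """Return the protected brand this domain imitates, or None if it is not a lookalike."""
    domain = org_domain(from_domain)
    for brand in protected:
        if domain == brand:
            return None       # the genuine domain is not a lookalike of itself
        if edit_distance(normalize(domain), normalize(brand)) <= max_distance:
            return brand
    return None


def classify(msg: AuthResult) -> str:
    """Verdict a mail gateway could attach: lookalike beats a clean DMARC result."""
    brand = lookalike_of(msg.from_domain)
    if brand:
        return "lookalike-of:" + brand
    return "ok" if dmarc_pass(msg) else "dmarc-fail"


if __name__ == "__main__":
    genuine = AuthResult("examplebank.com", "examplebank.com", "examplebank.com")
    spoofed = AuthResult("examplebank.com", "mailer.evil.example", None)
    lookalike = AuthResult("examp1ebank.com", "examp1ebank.com", None)
    for m in (genuine, spoofed, lookalike):
        print(m.from_domain, "dmarc_pass =", dmarc_pass(m), "verdict =", classify(m))
```

The direct spoof of the real domain fails because the brand publishes strict alignment and the attacker cannot authenticate as it; the lookalike passes DMARC outright, since its owner controls that domain's DNS, and only the separate lookalike check flags it. That is the gap the quoted remark describes, and it is why DMARC results should feed a broader verdict rather than stand alone.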

“The alarming statistics of the Darktrace Half Year Threat Report underscore the need for organizations to adopt a multilayered approach to email protection, incorporating advanced AI anomaly detection and behavior analysis as a complement to traditional security measures,” added Stephen Kowski of SlashNext, a computer and network security company in Pleasanton, California.

He told TechNewsWorld that “this holistic approach can help identify sophisticated phishing campaigns which evade DMARC and other conventional defences.” By continuously monitoring and adjusting to evolving threat patterns, organizations are able to significantly improve their email security posture.

Dror Liwer, co-founder of Coro, a Tel Aviv-based cloud security company, attributed the majority of the report’s findings to the same problem. Citing a Coro study released earlier this summer, he stated that 73% of security teams admitted to missing or ignoring important alerts.

He told TechNewsWorld that “too many disparate and separate tools require maintenance, updates, and constant monitoring,” which leads to security teams focusing on administration rather than protection.

Wright suggested that the findings could point to an even bigger flaw in the industry. “With all the money being spent on cybersecurity and the threats that continue to proliferate, it begs the question — are we spending enough money on cybersecurity, or just spending it in the wrong places?” he asked.