MaaS Chaos. Malware-as-a-Service is Growing.
Everyone who has watched mobster or drug-trade movies has heard the term "organized crime" or "black market" and understands what it means. Instead of a corner drug dealer or small-time thief working alone, a network of criminals comes together (under the radar) to break the law and make money on a large scale.
In the legitimate business world, there's something known as Software-as-a-Service, or SaaS. Here's a definition: A software licensing-and-delivery model in which centrally located and controlled software is made available and licensed/rented on a subscription basis by users. SaaS clients are generally businesses.
Now, organized online crooks have moved into that space and business model too. It didn't take long for that large-scale approach to not only hit the Internet, but to create a lucrative malware business for criminals who are selling viruses and more to anyone who wants them and is willing to pay. It's "MBA-like" thinking for the purpose of making money by committing technology-based crimes.
Malware-as-a-Service is the latest term for the business of a network of sophisticated cyber-crooks providing illegal services, for a fee.
MaaS, and more of it.
Malware-as-a-Service is a booming black market service. It isn't simply the malware (a computer virus, etc.) itself that is for sale; it's an entire system that lets the buyer acquire, implement and cash in on it.
Think of it as a full-service, cyber-criminal store, a "Virus Depot" if you will—an enterprise that sells you the malware and offers all the other support services (again, for a fee) to make your criminal venture a success.
If you shop in the other departments, you'll also find Attacks-as-a-Service and Fraud-as-a-Service.
My, times have changed.
It looks like the pickpockets and snake-oil salesmen of the past will stay in the past. A lot of crooks are going online now and it's a growing business.
- Cybercriminals can rent malware the way graphic designers can rent software to do graphics
- Malware creators work hard to keep their products fresh and effective, offering new wrinkles to stay ahead of the authorities and create more havoc for legitimate companies
- Every hacker or thief with a grudge or an agenda can peruse the malware menus on the black market to target thousands of unsuspecting victims
It's simply a combination of supply and demand with technological innovations. Why should a small band of thieves limit themselves to a small market when, evidently, there's a lot of money to be made by going big-time and offering their "(mal)wares" to the entire world?
No one really knows how much money these illicit MaaS enterprises are making—they're not printing out annual reports, after all—but some estimates put it in the billions of dollars. After all, once word gets out whose malware service is the best, the buyers will pay for the goods to do bad.
Structured for success.
It takes teamwork to succeed in business, and MaaS enterprises know it. You could view an organization as three different layers of workers coming together to offer their product. Each of these business units can operate independently and sometimes does (hiring out its services), but more often than not, they work together. Here's an overlay of a business structure:
- Vice Presidents: These are very skilled, elite programmers or engineers who write malware, develop exploits and are good at research.
- Assistant VPs: Here are the spammers, botnet owners, distributors and providers of hosted systems. These people are also skilled, but not the cream of the crop. This is where the malware distribution takes place.
- Administrative staff: Here's where the money changers reside, as well as "treasurers" and financial data providers.
Care for a sample?
Here's an example of malware in action. Java has been one of the most targeted software platforms for malicious attacks. In March of 2016, Oracle released an emergency patch to fix a bug that had been exploited by hackers. According to a March 2016 article on ZDNet.com, a technology news website, "if a user running an unpatched version of Java in either their browser or desktop, a single visit to a malicious page can lead to the remote exploitation of their system — without any authentication details such as usernames or passwords."
The dark clouds.
Cloud computing is big enterprise business. It is essentially data storage, data access and analysis by third-party cloud companies. All big businesses are turning to it and so are MaaS enterprises. By doing so, the cyber-crooks make money every time someone leases one of their malware products.
"The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones," says the 2016 Trustwave Global Security Report, which claims that criminal services sold on the Dark Web even come with the reassurances and terms and conditions you'd expect to see with any other legitimate software product.
According to the report, "Developers create tools that they sell or rent to customers through online black markets, complete with sales, money-back guarantees, and reputation systems to provide customers with assurances that they won't get ripped off."
Still, it's not likely that you'll see any complaints reported to the Better Business Bureau...not when the malware is bringing a lot of illegal dollars to a MaaS client.