Cybercriminals Find It Easier to Attack with Malware-as-a-Service: A Cybersecurity Challenge


Rise of Advanced Cyber Threats

Cyber threats are becoming more sophisticated, with attackers using advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and avoid detection. According to Darktrace, subscription-based tools like Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have made it easier for inexperienced attackers to launch complex, multi-stage attacks. These developments highlight the growing importance of cybersecurity.

Evolving Threat Landscape

The threat landscape is constantly changing, but many new threats are built on existing methods rather than replacing them. Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace, notes that while new types of malware are emerging, many attacks are still carried out by familiar culprits using known techniques and malware variants.

“The ongoing use of MaaS/RaaS models, along with newer threats like Qilin ransomware, highlights the need for adaptive, machine learning-powered security measures to keep up with the rapidly changing threat environment,” Jones added. This underscores the critical nature of cybersecurity.

The Impact of MaaS on Organizations

MaaS and RaaS continue to play a major role in cybercrime, with tools from groups like Lockbit and Black Basta providing attackers with ready-made malware and phishing templates. These services lower the entry barriers for cybercriminals who lack technical skills.

MaaS is expected to remain a significant threat in the future due to its ability to adapt and change tactics from one campaign to another. To counter these evolving threats, organizations must use AI-driven security measures capable of detecting unusual activities in real time without relying on known tactics, emphasizing the importance of cybersecurity.

Common Threats and Emerging Risks

From January to June 2024, the most common threats included:

  • Information-stealing malware (29% of early triaged investigations)
  • Trojans (15% of investigated threats)
  • Remote Access Trojans (RATs) (12% of investigated threats)
  • Botnets (6% of investigated threats)
  • Loaders (6% of investigated threats)

The report also highlights the rise of new threats like Qilin ransomware, which uses advanced tactics such as rebooting infected machines in safe mode to bypass security tools, making it difficult for security teams to respond quickly.

Ransomware remains a top concern, with the use of double extortion methods becoming common. Darktrace identified three main ransomware strains affecting customers: Akira, Lockbit, and Black Basta. All three use double extortion techniques, reinforcing the need for cybersecurity.

Ongoing Threat of Phishing

Phishing remains a significant risk for organizations, with 17.8 million phishing emails detected across Darktrace’s customer base between December 21, 2023, and July 5, 2024. Alarmingly, 62% of these emails bypassed Domain-based Message Authentication, Reporting, and Conformance (DMARC) checks, and 56% passed through all existing security layers.

The report notes that cybercriminals are using more sophisticated tactics to evade traditional security measures, such as leveraging legitimate third-party services like Dropbox and Slack. There’s also an increase in the use of covert command and control (C2) mechanisms, including remote monitoring and management (RMM) tools, tunneling, and proxy services. This trend emphasizes the necessity of cybersecurity.

Concerns Over Edge Infrastructure Vulnerabilities

Darktrace has seen a rise in the mass exploitation of vulnerabilities in edge infrastructure devices, particularly those related to Ivanti Connect Secure, JetBrains TeamCity, FortiClient Enterprise Management Server, and Palo Alto Networks PAN-OS. These compromises often act as a starting point for further malicious activities.

Organizations must remain vigilant about existing attack trends and Common Vulnerabilities and Exposures (CVEs) since cybercriminals may revert to previously dormant methods to deceive organizations. In 40% of cases investigated by the Threat Research team from January to June, attackers exploited CVEs. This scenario highlights the critical role of cybersecurity.
