Malware-as-a-Service (MaaS)

Cloud services include offering infrastructure-as-a-service (IaaS), software-as-a-Service (SaaS), platforms-as-a-service (PaaS), containers-as-a-service (CaaS), to name but a few. Ever faster devlopment on fully cloud-based technology stacks. With the “necessary” Artificial Intelligence added of course.

All of these services can and are used by adversaries too, creating opportunities for unskilled adversaries to attack too, and for digital defence companies to charge corporations and organisation exorbitant prices with more products (some of which lock the customer in).

Think of Malware-as-a-Service (MaaS) and the larger Crime-as-a-Service (CaaS or Craas) market as a variation of the Software-as-a-Service (SaaS) business model.

For a reasonable monthly fee, adversaries who do not know how to write their own InfoStealer or Ransomware yet, can simply pay to use one written by an expert. It works similar to legitimate subscription services.

In this business model, developers offer negotiations, cryptocurrency transfers, leak site management, ransomware development, botnets, etc. to multiple affiliates, in trade for cryptocurrency and not running the risk of getting identified and arrested.

We only had to wait for it. Anyone with a few hundred euros worth of cryptocurrency can get started with a few clicks.

Tongue, cheek

Deploy Disaster-Recovery-as-a-Service (DRaaS) to ensure quick recovery in case of an attack.