Crimeware

Crimeware-as-a-Service

Technician using a laptop while working in a server room. Mature man analyzing a code to fix a computer network system while doing maintenance in a datacenter. Engineer updating software on a machine

Arguably, one of the most impactful software trends over the last decade is the ubiquity of software-as-a-service (SaaS) applications. Instead of downloading and storing software on your computer, an outside company hosts the application on their server and allows you to access it at a price. This is a convenient way to utilize popular applications, such as Dropbox, Google Workspace and Salesforce, as well as to connect in real-time with other users. However, as we have previously observed, any positive technological advancement has the potential to be mirrored by threats to privacy.

As SaaS applications have increased in popularity, we have also experienced the rise in CaaS applications, or crimeware-as-a-service. Similar to SaaS, CaaS allows cybercriminals to sell goods to one another in the form of cyber hacking services. A key draw here is the way this model allows nascent attackers to deploy complex attacks without the need for advanced hacking skills, thus creating a lower barrier of entry. The result? More advanced cyberattacks than ever before.

The primary CaaS applications for sale are ransomware-as-a-service (RaaS) attacks. These kinds of attack allow attackers to steal data and charge a fee for its return; the creator of the ransomware will often receive a percentage of what the victim pays to the attacker. This allows ransomware producers to receive income from multiple sources without lifting a finger. Current estimates have roughly 2/3rds of all ransomware attacks originating within the RaaS model. What is more is that these numbers are set to only increase.

How do you defend against CaaS attacks? The answer is simple: continue to invest in strong anti-virus and anti-ransomware protection. Other good practices are to not click on any suspicious links or attachments; it is also a good idea to never use any USB drives that you are unable to verify. By routinely upgrading, updating, and patching your security software, you can also work to avoid any holes or lapses in your protection.