The Malware-as-a-Service (MaaS) model has become a common feature in the current threat landscape, as ransomware continues its rampage. The 2022 Threat Detection Report by Red Canary states that threat actors are progressively living off the land. The firm analyzed over 30,000 threats across its customer database and has published the following data.
Diving into details
While organizations have improved their backup strategy, ransomware groups are responding by exfiltrating sensitive data and threatening to expose it.
Cybercriminals are still shifting to living-off-the-land attack techniques, i.e. using ubiquitous commercial tools or built-in OS tools.
There has been an increase in the criminal use of Remote Monitoring and Management (RMM) tools.
Impacket—a set of Python classes that offer low-level programming access to packets—made it to the top 10 threats list.
The trend of moving to MaaS has gained momentum as affiliates help malware developers increase their profits while staying hidden from researchers and law enforcement.
Supply chain compromises surged in 2021 and are continuing well into 2022.
Ransomware-as-a-service
Unit 42 has observed at least 56 active RaaS groups, some active since at least 2022.
The RaaS model is lowering the barrier to entry and broadening the extent and impact of ransomware attacks.
This industry has evolved to now incorporate malware developers, Initial Access Brokers (IABs), and native language speakers for better negotiation handling.
At least five ransomware operations—mostly managed by Russian-speaking hackers—are heavily using IABs. Some of the actors are LockBit, Conti, Darkside, and Avaddon.
The bottom line
The perfect time to start preparing for a cyberattack is before it happens. Hence, organizations are advised to implement a comprehensive cyber strategy, including good cyber hygiene and security awareness training. The growth of the as-a-service industry is pretty concerning.