A new study by the Digital Footprint Intelligence team at Kaspersky, where 97 families of malicious software distributed through the dark web were analyzed, reveals that ransomware is the most prevalent type of malware as a service (MaaS) in the last seven years.
The specialists, who examined the sale of families of malware, as well as chats, publications and research announcements in the darkest corners of the Internet, detail that ransomware represents 58% of all MaaS distributed between 2015 and 2022. The ability to generate huge profits in less time than other types of malware is the main reason for its success.
Infostealers represent 24% of MaaS distributed during the period under review. This type of malicious software is designed to steal data such as credentials and passwords, but also card and bank account information, browser history or encrypted wallet data.
The Kaspersky team explains that information theft services are paid for through a subscription model, with the price varying between 92 and 280 euros per month. Attackers can also gain access to additional services for an extra fee.
BUT: Ransomware continues to be a major threat, with over 60% of attacks targeting MPEMs
Botnets, downloaders and backdoors make up 18% of all MaaS identified by researchers, who indicate that this type of threat is often aimed at downloading and executing other malicious software on victims' equipment.
Kaspersky analysts indicate that cybercriminals exploiting MaaS platforms are commonly known as operators. Those who buy these services are known as affiliates.
When closing a deal, affiliates receive access to components such as command and control panels, programs for quickly creating unique samples of malicious software, as well as malware and interface updates, support, instructions and hosting.
Some types of MaaS, such as infostealers, allow affiliates to create their own groups and teams to execute cyberattacks. These groups and teams, which go by the name Traffers, aim to distribute malware in order to increase profits.
As Alexander Zabrovsky, an analyst on Kaspersky's Digital Footprint Intelligence team, points out, understanding how the market for the sale of illicit goods, including malware and stolen data, is structured is one of the key steps to understanding the methods and motivations of cybercriminals, something that can help companies develop effective strategies to prevent cyberattacks.
