Malware-as-a-Service is a booming business

Malware as a Service (MaaS) has become a booming business for cybercrime organizations. The scourge of ransomware is estimated to have cost the world over $1 billion in 2020, with attackers using MaaS to target large companies with critical or sensitive assets – what is known in the industry as “big game hunting”.

MaaS has become popular because it is powerful and immediately ready to use. Malware creators handle the development and maintenance of MaaS, encouraging less sophisticated threat actors by eliminating the need for technical exploit writing skills. Similar to the Software as a Service (SaaS) revenue model, MaaS provides access to botnets that distribute malware. The paid service usually includes a personal account where non-technical cybercriminals can control the attack and obtain technical assistance.

Please note: “medium severity” does not mean “medium risk”

MaaS typically targets low to medium severity vulnerabilities that allow attackers to infiltrate underprotected corporate environments. Traditional remediation techniques focus on the “most severe” vulnerabilities first, but risk assessment is more complicated than severity alone – an idea threat actors are now exploiting.

Organizations using the Common Vulnerability Scoring System (CVSS) frequently pursue high severity issues while leaving medium severity vulnerabilities unpatched for extended periods of time. However, Skybox Research Lab found that medium-severity vulnerabilities represented 41% of total vulnerabilities in the world. Attackers know that organizations don’t address all of their weaknesses, so they use “less severe” vulnerabilities to infiltrate networks.

Looking at the volume of new malware samples in 2020, it’s clear that the pandemic has energized criminals: new ransomware samples increased by 106% year-on-year, and all types of Trojans increased by 128%. Multiple incidents suggest that nation states and international criminal syndicates are turning to MaaS as a cash cow. Historically, MaaS has generally been associated with novice attackers, but more recently North Korea’s Lazarus group reportedly took advantage of Trickbot’s MaaS to carry out attacks.

Act now: double down on breach prevention and scalability

Security teams that leave medium-risk vulnerabilities unattended effectively open the “checkouts” for threat actors to “rob their stores”. To move forward, organizations must focus on preventing breaches. This can be achieved with three points of focus:

  • Get full visibility of the attack surface: Security teams can’t protect what they can’t see. Obtaining complete visibility of the business environment is the basis of a successful security program. It is essential to mitigate the risks on traditional and hybrid networks spanning physical, virtual and multicloud assets.
  • Understand the level of exposure of each vulnerability: Today, attacks can be simulated before they happen with an offline, contextual model of the network and its security controls. A complete and detailed picture of the attack surface enables security teams to scan for vulnerabilities in highly complex environments. By focusing on exploitable and exposed vulnerabilities, organizations can know how to secure their vulnerable assets.
  • Include up-to-date and accurate information: According to IBM’s Fifth Annual Report on Cyber Resilient Organizations, on average, companies deploy 45 cybersecurity-related tools on their networks. Aggregation and analysis of data from all sources in a single solution is essential for securing modern and complex organizations. By continuously collecting and aggregating security configuration and monitoring data across disparate infrastructure, security teams can follow the path of a potential breach.

With the expanding threat landscape, effective vulnerability management is essential to protect the business. Instead of focusing only on “big threats” with high CVSS scores, security teams can quickly identify and remediate the vulnerabilities that are not protected by security controls and are most likely to be exploited. By addressing medium-severity risks, security teams will make MaaS less effective and therefore less attractive to amateur and sophisticated threat actors.
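The exposure-based prioritization argued for above, as an added example that is not from the original article: a small offline model that ranks findings by reachability through the firewall rules and by exploit activity before CVSS, beside the CVSS-only order. The zones, rules, finding ids and scores are constructed for illustration, and the model assumes an external attacker who can pivot from any zone they can enter.

```python
from collections import deque
import math

# Constructed model: zones, firewall rules and findings are illustrative only.
# (source zone, destination zone) -> TCP ports the firewall permits.
RULES = {
    ("internet", "dmz"): {443},
    ("dmz", "app"): {8080},
    ("app", "db"): {5432},
    ("corp", "app"): {22, 8080},
}
# "id" is a placeholder; "shielded" means a compensating control already covers it.
FINDINGS = [
    {"id": "VULN-A", "zone": "db",   "port": 1433, "cvss": 9.8, "exploited": False, "shielded": False},
    {"id": "VULN-B", "zone": "dmz",  "port": 443,  "cvss": 5.3, "exploited": True,  "shielded": False},
    {"id": "VULN-C", "zone": "app",  "port": 8080, "cvss": 6.5, "exploited": True,  "shielded": True},
    {"id": "VULN-D", "zone": "app",  "port": 8080, "cvss": 6.1, "exploited": False, "shielded": False},
    {"id": "VULN-E", "zone": "corp", "port": 445,  "cvss": 8.8, "exploited": True,  "shielded": False},
]

def hops_to(zone, port, origin="internet"):
    """Fewest firewall hops from origin to the service, or None if no path exists.
    Worst case assumed: any zone the attacker can enter can be used to pivot."""
    dist = {origin: 0}
    queue = deque([origin])
    while queue:  # breadth-first search over zones connected by any allow rule
        here = queue.popleft()
        for (src, dst), ports in RULES.items():
            if src == here and ports and dst not in dist:
                dist[dst] = dist[here] + 1
                queue.append(dst)
    # The last hop must permit the vulnerable service's own port.
    paths = [dist[src] + 1 for (src, dst), ports in RULES.items()
             if dst == zone and port in ports and src in dist]
    return min(paths, default=None)

def prioritize(findings, origin="internet"):
    """Exposed and unshielded first, then exploited in the wild, then fewest hops;
    CVSS is only the final tie-breaker."""
    def key(f):
        hops = hops_to(f["zone"], f["port"], origin)
        actionable = hops is not None and not f["shielded"]
        return (not actionable, not f["exploited"],
                math.inf if hops is None else hops, -f["cvss"])
    return [f["id"] for f in sorted(findings, key=key)]

def by_cvss(findings):
    """Severity-only ordering, for comparison."""
    return [f["id"] for f in sorted(findings, key=lambda f: -f["cvss"])]

if __name__ == "__main__":
    print("CVSS only:     ", by_cvss(FINDINGS))
    print("Exposure-based:", prioritize(FINDINGS))
```

In this constructed data the medium-severity finding on the internet-facing service moves from last place under CVSS ordering to first, while the critical finding on a port no rule permits drops to the bottom.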
