Criminals in the cloud: How malware-as-a-service is becoming the tool of choice for crooks

Rather than selling their malware as a one-off, virus writers are offering access to the latest exploit kits via on-demand services.
Written by Danny Palmer, Senior Writer

Cybercriminals are increasingly offering malware as a cloud-based on-demand service.

Image: iStock

Everyone is working to a cloud business model now -- even virus writers. Rather than turning a profit just once by selling a security exploit as a one-off, authors of malicious software are now selling malware as a cloud-based service. This means they make money each time someone pays to use or rent one of the products, according to researchers.

"The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones," says the 2016 Trustwave Global Security Report,which claims that criminal services sold on the 'dark web' even come with the reassurances and terms and conditions you'd expect to see with any other legitimate software product.

"Developers create tools that they sell or rent to customers through online black markets, complete with sales, money-back guarantees, and reputation systems to provide customers with assurances that they won't get ripped off," the report says.

Cybercriminals can now pay fees to rent malware; the developer keeps their 'malware-as-a-service' products up to date with fresh exploits and other tools so that members of the criminal underworld can use them to target thousands of unsuspecting victims.

"In recent years, exploit kit authors have moved to cloud-based kits, mirroring the trend in the legitimate software industry -- in essence, a criminal version of software-as-a-service," the report says in a section on 'exploit kits as a service'.

"Today, most of the major kits use a rental-based business model, wherein customers pay for an account on a server under the kit authors' control and manage their illicit 'campaigns' through an administrative interface," it adds.

"Cybercriminals have been congregating and organizing for years, but 2015 showed a marked increase in the behaviour we would normally associate with legitimate businesses," said Trustwave CEO Robert J. McCullen.

When it comes to the exploits which hackers are targeting, while Java was previously the most targeted platform for malicious attacks, now exploit makers have moved onto other targets; namely Adobe Flash player, which was the biggest exploit target for 2015.

Read more on cybercrime

Editorial standards