Sophos 2023 Threat Report: Cybercrime-as-a-Service on the Rise
The global cybercrime landscape has “reached a new level of commercialization and convenience,” according to the 2023 Threat Report from Sophos. This is occurring due in large part to the expansion of cybercrime-as-a-service.
Cybercrime’s Many Forms
Hackers are increasingly using several forms of cybercrime-as-a-service to attack global organizations, such as:
- Malware-as-a-Service involves the distribution of malware within regions or sectors with watering-hole attacks, crossover with access-as-a-service listings and other vulnerabilities.
- Phishing-as-a-Service enables threat actors to offer services for cloned sites, hosting, emails to bypass spam filters and other types of phishing campaigns.
- Crypting-as-a-Service involves the use of encrypted malware to bypass detection for a one-time purchase or subscription.
- Spamming-as-a-Service refers to infrastructure used to build or manage bulk spamming services through SMS and other mechanisms.
- Access-as-a-Service allows cybercriminals to access compromised accounts and systems in bulk via RDP and VPN credentials, web shells and exploitable vulnerabilities.
In addition, rising demand for credential theft and the evolving economics of cybercrime have driven the growth of ransomware and the “as-a-service” industry, Sophos indicated. Cybercriminals also are using myriad as-a-service options to gain access to organizations’ networks and steal end users’ credentials.
Other Notable Cybercrime Trends
Along with the rising use of cybercrime-as-a-service, Sophos’s 2023 Threat Report highlighted the following themes:
- The Impact of the War in Ukraine on Global Cybercrime. There was an increase in financially motivated cyber scams following Russia’s invasion of Ukraine and a “shake-up” of criminal alliances between Russians and Ukrainians.
- Use of “Living Off the Land Binaries” (LOLBins). Cybercriminals exploited legitimate executables and used LOLBins to launch ransomware attacks and other types of cyberattacks. They also leveraged legitimate but vulnerable system drivers to initiate “bring-your-own-driver” attacks to try to shut down endpoint detection and response (EDR) software.
- Mobile Cybercrime and the Use of Fake Apps. Cybercriminals are using iOS and Android mobile devices and fake apps to initiate malware and spyware attacks, along with “pig butchering” cyber fraud schemes.
- Devaluation of Monero Leads to Decline in Cryptomining. Cybercriminals were less prone to cryptomining, as the value of the cryptocurrency Monero has declined. However, cybercriminals still utilized mining malware that spreads through automated “bots” on Windows and Linux systems.
There is no “sure defense” against today’s cyber threats, according to Sophos. To combat cybercrime, organizations must keep pace with current and emerging cyber threats. Furthermore, they can utilize managed security services to protect their networks against these threats.