Ransomware has emerged as the most prevalent form of Malware-as-a-Service (MaaS) over the past seven years.
The data comes from a new report by the Kaspersky Digital Footprint Intelligence team, which analyzed 97 malware families distributed on the dark web and other resources between 2015 and 2022.
In particular, the study revealed that ransomware accounted for 58% of all malware families distributed under the MaaS model in the examined period.
Further, the research found that 24% of malware families sold as a service were infostealers – malware tools designed to allow threat actors to pilfer victims’ sensitive data such as credentials, passwords and banking information.
The remaining 18% consisted of botnets, loaders and backdoors, which are used to upload and run other malware on targeted devices.
“For instance, the price of loader Matanbuchus tends to vary over time,” said Alexander Zabrovsky, digital footprint analyst at Kaspersky.
“This type of malware is more expensive than infostealers; for example, the malicious code itself is more complex, and the operator provides all the infrastructure, meaning the partners don’t have to pay extra for bulletproof hosting services when they use Matanbuchus.”
The study also highlighted the hierarchical structure of the MaaS ecosystem, with cybercriminals working as “operators” and those purchasing the services referred to as “affiliates.”
Affiliates gain access to various components of MaaS, including command-and-control panels, builders and support, enabling them to control and coordinate attacks.
“Cybercriminals actively trade illicit goods and services, including malware and stolen data, over the shadow segments of the internet,” Zabrovsky added. “By understanding how this market is structured, companies can gain insights into the methods and motivations of potential attackers.”
To protect organizations from these threats, Kaspersky experts recommended keeping software updated to prevent exploitation of vulnerabilities, staying informed about current tactics used by threat actors and utilizing tools to identify potential attack vectors.
The Kaspersky report comes weeks after US authorities claimed to have dismantled a popular cybercrime service on the dark web dubbed “Card Checking.”