Malware is widely available in an "as-a-service" model on the cybercriminal underground to anyone with criminal intent and a bit of money, says John Shier, senior security adviser at Sophos, who explains exactly how the model works.
"You don't need a lot of know-how, and many of these kits are available with easy-to-use graphical user interfaces or single-line command line scripts, which can be stitched together to launch a cyberattack," he says in an in-depth interview with Information Security Media Group (see: Ransomware Tips: Fighting the Epidemic).
"Malware-as-a-service is a catch-all term for any kind of kit that you can buy that either allows you to create malware or help you deliver malware," Shier says. Some examples are exploit-as-a-service, ransomware-as-a-service and phishing services, among many others (see: Compromised RDP Server Tally From xDedic May Be Higher).
Malware is big business, and the authors have realized they stand to make more money by commoditizing the infrastructure, tools and services, and through affiliate programs, than if they went it alone. The economics of the cybercriminal underground is driving the increasing organization, maturity and collaboration of threat actors, Shier says (see: Fighting 'Cybercrime as a Service').
In this interview, Shier provides a detailed rundown of how the malware-as-a-service commodity market works and what practitioners need to know to better protect themselves against this evolving threat (see: The Ransomware Threat After WannaCry and NotPetya). He speaks in detail about:
- How the components of a commoditized malware attack chain work;
- How the cybercriminal underground mimics other business models;
- What practitioners can do to counter the level of maturity and organization of the attackers;
- The evolving trends from the dark web cybercrime market.
Shier is a senior security adviser at Sophos, providing insights into the latest threats as well as advice on how security and IT professionals can best protect their businesses in today's threat landscape. He is a frequent contributing columnist to Naked Security. For the last 15 years, Shier has been a presenter at many security events.