Malware-as-a-Service (MaaS) is a cybersecurity term referring to malware that is offered by Malware authors and leased to a criminal customer base, generally on a subscription model. It may best be understood in comparison to its legitimate equivalent, software-as-a-service (SaaS), such as commonly used business services like Dropbox, Slack, or Salesforce.
Similar to how legitimate SaaS businesses offer subscription tiers through which their users can access different services and levels of support, MaaS providers also offer subscriptions through which their users can control attacks, download stolen private data, and even contact technical support networks provided by increasingly sophisticated organized crime elements.
How Malware-as-a-Service Works
The rise of malware-as-a-service has enabled organizations that were previously unable to launch cyberattacks now able to do so with little or no technical know-how. Cybercrime and MaaS networks have only grown as viable businesses in recent years, particularly in the developing world, where a combination of factors have made them appealing to a larger number of attackers.
First among these factors is the comparatively low overhead required to maintain a MaaS network, Indeed, requirements are simply a network connection and several computers. Another factor driving the increase in MaaS operations in developing countries is the reluctance of local law enforcement to target them as they tend not to create local victims. Finally, MaaS networks are also a source of foreign currency, which is often worth more than local currencies.
Furthermore, as demand for MaaS has grown, the criminal enterprises that offer them have increasingly mimicked the business practices of much larger, legitimate software companies. This mimicry sees MaaS providers rolling out early beta versions to test new functionalities, offering frequent updates and patches to their customer base, and even providing customer support, some offering 24/7 live support.
The various malware services offered by cybercriminal rings have also become increasingly easy to use, not just for their operators, but for their victims as well. Gandcrab ransomware, for example, was designed to be user-friendly in the hopes that victims would be more likely to pay swiftly for their data to be released.
