Cybercrime-as-a-service (CaaS): A Growing Threat in the Digital Landscape

In recent years, cyberattacks have become increasingly sophisticated as defenders work to make attacks harder to carry out. With this growing complexity has come a new and evolving business model: Cybercrime-as-a-Service (CaaS). This model offers attackers subscription-based access to the hacking tools, infrastructure, and support needed to execute cybercrime operations.

The concept of CaaS is similar to that of Software as a Service (SaaS), where users can access software applications over the internet instead of installing them locally. In the same way, CaaS makes cybercrime tools accessible through subscriptions, offering attackers the economies of scale they need to increase their chances of success.

According to security vendor Darktrace, malware-as-a-service affected up to 57% of all detected cybercrime campaign activity in the second half of 2024. This alarming statistic highlights the growing prevalence of CaaS operations and the sophistication of modern cyberattacks.

CaaS offers a range of components that can be used to execute cybercrime: hacking tools that enable attackers to exploit users, the infrastructure to run them on, and support for successful execution. While traditional CaaS operations are deployed on dark web platforms, some use legitimate cloud services, with payment often made in cryptocurrency.

There are various types of CaaS offerings, each with its unique features and functionalities. Some of the most common include:

  • Triple-extortion ransomware: A sophisticated cyberattack that adds a third layer of extortion to traditional ransomware tactics.
  • Supply chain attacks: Attackers target suppliers or third-party vendors to gain access to larger organizations, exploiting weaknesses in the supply chain to cause data breaches.

So why are CaaS operations becoming more prevalent? Several trends are shaping the future of cybercrime, presenting new challenges for cybersecurity professionals. These include:

  • The use of AI in various ways: Cybercriminals are leveraging AI to make attacks more successful, such as through the development of sophisticated ransomware and the exploitation of weaknesses in supply chains.

While CaaS operations do not necessarily present new threats to individuals and organizations, they do represent a significantly increased scale of attacks on existing threat vectors such as DDoS, malware, and social engineering. To combat this growing threat, governments and law enforcement agencies are taking action to disrupt and dismantle CaaS operations.

Key measures include:

  • Collaboration between law enforcement agencies: Working together worldwide is critical in identifying and disrupting CaaS operations.
  • Disrupting cryptocurrency exchanges: Ransomware payments often rely on known cryptocurrency exchanges, which can be tracked and shut down by law enforcement.
  • Enacting policies and regulations: Governments are implementing policies and regulations to limit the profitability of CaaS operations, such as the U.S. CIRCIA Act (2024), which prohibits critical infrastructure operators from paying ransoms.

While there is no single solution to combat the growing threat of cybercrime-as-a-service, understanding this business model and its implications can help individuals and organizations take steps to limit their risk. By staying informed about emerging trends and best practices for cybersecurity, we can all play a role in protecting ourselves and our organizations from these increasingly sophisticated threats.