Protection matters

Democratization of cybercrime: Understanding MaaS and Infostealers

6 Minutes reading

The rise of Malware as a Service (MaaS) has lowered the entry barrier for cybercriminals, enabling even those without technical expertise to wreak havoc on unsuspecting victims. But what exactly is MaaS? And how can you protect yourself and your organization against such threats? Let's delve into this topic and explore some proactive measures to strengthen your defenses.

The dark side of "as a service" business model 

In recent years, acronyms ending with “aaS” have become increasingly prevalent, not only in the realm of cybersecurity, but also across various other domains. Some of those we have already written about, including Software as a Service (SaaS) and Platform as a Service (PaaS), or Ransomware as a Service (RaaS) and Phishing as a Service (PhaaS).

Malware as a Service (MaaS) falls under the broader umbrella of Cybercrime as a Service (CaaS) and represents a disconcerting trend in which malicious software is readily available for purchase or to lease, making it possible for virtually anyone to execute a successful cyberattack.

All the “Somethings as a Service”

  • XaaS – Anything as a Service
  • SaaS – Software as a Service
  • HaaS – Hardware as a Service
  • PaaS – Platform as a Service
  • IaaS – Infrastructure as a Service
  • DBaaS – Database as a Service
  • NaaS – Network as a Service
  • STaaS – Storage as a Service
  • CaaS – Cybercrime as a Service
  • RaaS – Ransomware as a Service
  • PhaaS – Phishing as a Service
  • MaaS – Malware as a Service
  • SECaaS – Security as a Service
  • DRaaS – Disaster Recovery as a Service

MaaS operates within a complex ecosystem. At its core, there are the developers, tasked with creating malware that can avoid standard defenses and is easy to deploy. These tools are then peddled by distributors who offer comprehensive packages including certain services, software updates, and support. Finally, there are the customers – a diverse clientele ranging from aspiring criminals to experienced criminal entities.

Popular for ease of deployment and effectiveness: Infostealers

Among the many MaaS types, one category stands out: infostealers. These malicious programs specialize in infiltrating systems and harvesting sensitive data, serving as potent tools for cybercriminals worldwide. In the past few years, infostealers have been gradually becoming more popular among cybercriminals – possibly because they are a simpler weapon than, for instance, ransomware, and can silently exfiltrate valuable information without arousing any suspicion. Likewise, infostealer components can also stand at the core of larger malware threats, such as banking Trojans.

Threats like banking Trojans specifically seek to obtain financial information such as credentials, credit card details, and cryptocurrency wallets. With access to this sensitive data, cybercriminals can engage in a range of illicit activities, including financial fraud, identity theft, and extortion. Banking Trojans are particularly concerning due to their ability to circumvent traditional security measures to directly compromise banking systems, posing significant risks to both individuals and financial institutions.

According to ESET telemetry, cryptostealers grew by more than 68% in H2 2023, due to the rise of a MaaS infostealer called Lumma Stealer.

Infostealers are commonly tailored to attack personal devices of individuals, but that doesn't mean that some threat actors aren't targeting businesses as well. In addition, with hybrid work and bring-your-own-device (BYOD) options available in many companies, the line between personal and work devices – and therefore data – can become blurred.

Being a cybercriminal is affordable – unfortunately

Infostealers are often marketed on underground forums or messaging platforms such as Telegram – and they are surprisingly affordable. The fee can range between $100 and $200 per month or $1,000 for a lifetime subscription. But there are also more expensive varieties. In early 2023, Techradar reported that a new Mac infostealer called Atomic or Amos was being sold online for $1,000 a month. What makes it pricy? It can steal data from over 50 cryptocurrency browser extensions and comes with a MetaMask brute-forcer, a cryptocurrency checker, a dmg installer, and the ability to receive stolen logs on Telegram. This is a clear indication that there is a large market for MaaS, which only motivates the developers to continuously perfect their malicious products.

How can you stay protected?

To mitigate the risks posed by MaaS and infostealers, organizations should adopt a multi-faceted approach to cybersecurity. User education plays a pivotal role in empowering employees to recognize and report suspicious activities while cultivating a culture of cyber-awareness. Education should not be a one-time event but a systematic effort – in the end, it should always pay off, lowering the chance of an incident taking place.

Additionally, regular system updates and robust backups are measures that can help safeguard your data. The consistent application of regular system updates not only ensures that your software remains equipped with the latest security patches and defenses against emerging threats but also bolsters the overall resilience of your digital infrastructure. Similarly, establishing robust backup protocols provides an essential safety net, allowing you to restore critical data in the event of a cyber-incident or system failure, thereby safeguarding against potential data loss and minimizing downtime.

Finally, the deployment of reputable endpoint protection and anti-malware solutions is essential. ESET PROTECT can be your trusted ally in the process of keeping your company safe. Among other assets, this automated all-in-one defense platform provides modern endpoint protection, advanced threat defense, and vulnerability and patch management, focusing not only on solving cyber-threats but also on preventing them from affecting your company in the first place.

In conclusion, the proliferation of MaaS poses a significant challenge to cybersecurity and underscores the importance of proactive prevention and preparedness. Only by understanding the dynamics of cybercrime, staying informed about emerging threats, and implementing effective preventive and defense strategies can organizations navigate the digital landscape with utmost confidence.