https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Malware

Lucrative Malware as a Service Catches Fire for Malicious Hackers

  • Written by Brien Posey
  • May 12, 2020
Criminals with computer skills have plenty of incentive to offer their wares as a service.

During the last several years, software as a service (SaaS) has become the norm — and that goes for malware software, too. In fact, bad actors increasingly are using malware as a service.

When examined from an economic perspective, this trend makes perfect sense. Being able to lease malware gives wannabe malicious hackers a chance to make some money, even if they have almost no computer skills. They simply lease the malware from a cloud service, customize it, then set out to infect the world.

On the flip side, criminals with computer skills have plenty of incentive to offer their wares as a service.

This article originally appeared on Channel Futures’ sister site, IT Pro Today.

The most obvious incentive is that malware authors can potentially make more money through leasing their services to others rather than trying to spread an infection themselves. In most cases, malware authors simply take a cut from every ransom paid to someone who leases their service.

Leasing malware to others may also help to reduce the author’s risk of getting caught. Say a malware-as-a-service author poses as a legitimate security consultant and markets his or her wares as cybersecurity testing tools. That way, if authorities ever question the malware author, he or she has plausible deniability. After all, many vendors create security tools, and it’s not their fault if a customer uses a tool maliciously.

So if a cybercriminal has the computer skills to create an entire malware-as-a-service platform, why use those skills to develop malware? After all, there are plenty of other ways for a skilled software developer to make money.

Malware Pays Off

While some malware authors just want to watch the world burn, for most, it is a way to make money.  According to PayScale, the average software developer makes $71,150 per year.

Ransomware has the potential to be even more profitable. Consider, for example, that a 2019 ransomware attack against Virtual Care Providers demanded $14 million in bitcoin.. While this particular company did not pay the ransom, experts say the same Ryuk ransomware used in that attack earned about $3.7 million in the last five months of 2018.

Of course, if cybercriminals offer their ransomware as a service, then the original author is not collecting the full ransom. The customer leasing the ransomware presumably gets the lion’s share, while the author earns a small percentage as a commission.

So with that in mind, let’s pretend that one malware-as-a-service subscriber was responsible for collecting all $3.7 million in RYUK ransoms. Let’s also pretend that the person responsible for infecting all those systems had to pay a 10% commission to the ransomware author. That would mean the ransomware author would earn about $370,000 over five months.

This is far more money than the author could ever hope to make working a corporate job. In fact, $370,000 spread evenly over five months works out to $74,000 per month. That’s more than the entire average annual salary of a corporate software developer.

Of course, if someone has the skills necessary to build an entire malware-as-a-service platform, then that person is more than just a software developer. He or she also has a considerable amount of security knowledge. Even so, the person could probably make more money creating malware than working as a white hat security consultant.

Bug Bounties

In recent years, it has become fairly common for large tech companies to offer bug bounties. In other words, companies such as Microsoft and Facebook offer to pay hackers who can find security holes in their software. This gives the companies a chance to patch the holes before bad guys exploit them.

With that in mind, imagine that a gray hat hacker found a serious security flaw in a major online platform. While the tech company whose software is affected would likely be willing to pay for information about the vulnerability, the same information would probably be worth a lot more if sold to hackers on the black market.

Unfortunately, I don’t see the malware-as-a-service trend slowing down any time soon. Malware is just too financially rewarding for both the malware author and the wannabe hacker who subscribes to the service. The only good news is that companies are getting better at preventing infections since ransomware has become so prevalent.

Brien Posey is the vice president of research and development for Relevant Technologies. He writes technical content for a variety of publications and websites.

Tags: MSPs Cloud and Edge Endpoint MSSP Insider Network

Related


  • Zero Trust Security
    3 Strategies for Selling Zero Trust in the Channel
    Switching to a zero-trust security approach reduces exposure to potential data breaches and helps drive down fixed costs.
  • Malicious hacker group
    BlackBerry Research: MSSPs Increasingly Targeted by Hacker-for-Hire Groups
    The cybercrime industry has adapted to new digital habits.
  • Threats
    Threat Protection Vendors: Why MSSPs Have to Ramp Up Efforts Right Now
    “Look no further than the headlines,” says one vendor. “You owe it to your customers,” says another.
  • Spam
    Kaspersky Research: Russia Now No. 1 Global Source of Spam
    The most frequent targets of phishing attacks were online stores.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cybercriminals Now Targeting Unemployment Benefit Claims
  • How Ransomware Is Accelerating in the COVID-19 Era
  • Cowbell Cyber Debuts Partner Program to Manage Cyber Risk
  • Blame IT Pros for Data Privacy Failures?

Galleries

View all

From The Second City: How to Use Improv as a Business Tool

March 3, 2021

Industry Perspectives

View all

5 Ways XDR Can Improve Operational Efficiency for MSPs

March 4, 2021

Multi-Cloud: Strategy or Inevitable Outcome? (or both?)

March 3, 2021

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@okta acquiring rival @auth0 in $6.5 billion all-stock transaction. #security dlvr.it/Rtzwdp https://t.co/4LvHCJuwsR

March 4, 2021
ChannelFutures

.@MicrosoftTeams features are coming to @MSFTDynamics365, the company announced at @MS_Ignite. #MicrosoftIgnite… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@PreciselyData acquired by Clearlake Capital, @TAAssociates. #digitaltransformation dlvr.it/RtzbKg https://t.co/1rNYnTScxq

March 4, 2021
ChannelFutures

Thanks for attending #CPVirtual. Here's a Day 3 wrap and a look ahead to #CPExpo Homecoming in November!… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@Veeam announces six annual Impact Partner Awards, with @SHI_Intl, @LogicalisUS, more. #cloud… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

#XDR can improve operational efficiency for #MSPs. @TrendMicro #security #endpoint #AI #threatintelligence… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@IBM adds two senior execs to leadership team at infrastructure IT spinoff, NewCo. @IBMNews @IBMPartners… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

RT @ChannelEurope: Craving more #EMEA news? Get the latest headlines, insights and commentary in EMEA directly to your inbox. Subscribe to…

March 4, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X