https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Malware

Lucrative Malware as a Service Catches Fire for Malicious Hackers

  • Written by Brien Posey
  • May 12, 2020
Criminals with computer skills have plenty of incentive to offer their wares as a service.

During the last several years, software as a service (SaaS) has become the norm — and that goes for malware software, too. In fact, bad actors increasingly are using malware as a service.

When examined from an economic perspective, this trend makes perfect sense. Being able to lease malware gives wannabe malicious hackers a chance to make some money, even if they have almost no computer skills. They simply lease the malware from a cloud service, customize it, then set out to infect the world.

On the flip side, criminals with computer skills have plenty of incentive to offer their wares as a service.

This article originally appeared on Channel Futures’ sister site, IT Pro Today.

The most obvious incentive is that malware authors can potentially make more money through leasing their services to others rather than trying to spread an infection themselves. In most cases, malware authors simply take a cut from every ransom paid to someone who leases their service.

Leasing malware to others may also help to reduce the author’s risk of getting caught. Say a malware-as-a-service author poses as a legitimate security consultant and markets his or her wares as cybersecurity testing tools. That way, if authorities ever question the malware author, he or she has plausible deniability. After all, many vendors create security tools, and it’s not their fault if a customer uses a tool maliciously.

So if a cybercriminal has the computer skills to create an entire malware-as-a-service platform, why use those skills to develop malware? After all, there are plenty of other ways for a skilled software developer to make money.

Malware Pays Off

While some malware authors just want to watch the world burn, for most, it is a way to make money.  According to PayScale, the average software developer makes $71,150 per year.

Ransomware has the potential to be even more profitable. Consider, for example, that a 2019 ransomware attack against Virtual Care Providers demanded $14 million in bitcoin.. While this particular company did not pay the ransom, experts say the same Ryuk ransomware used in that attack earned about $3.7 million in the last five months of 2018.

Of course, if cybercriminals offer their ransomware as a service, then the original author is not collecting the full ransom. The customer leasing the ransomware presumably gets the lion’s share, while the author earns a small percentage as a commission.

So with that in mind, let’s pretend that one malware-as-a-service subscriber was responsible for collecting all $3.7 million in RYUK ransoms. Let’s also pretend that the person responsible for infecting all those systems had to pay a 10% commission to the ransomware author. That would mean the ransomware author would earn about $370,000 over five months.

This is far more money than the author could ever hope to make working a corporate job. In fact, $370,000 spread evenly over five months works out to $74,000 per month. That’s more than the entire average annual salary of a corporate software developer.

Of course, if someone has the skills necessary to build an entire malware-as-a-service platform, then that person is more than just a software developer. He or she also has a considerable amount of security knowledge. Even so, the person could probably make more money creating malware than working as a white hat security consultant.

Bug Bounties

In recent years, it has become fairly common for large tech companies to offer bug bounties. In other words, companies such as Microsoft and Facebook offer to pay hackers who can find security holes in their software. This gives the companies a chance to patch the holes before bad guys exploit them.

With that in mind, imagine that a gray hat hacker found a serious security flaw in a major online platform. While the tech company whose software is affected would likely be willing to pay for information about the vulnerability, the same information would probably be worth a lot more if sold to hackers on the black market.

Unfortunately, I don’t see the malware-as-a-service trend slowing down any time soon. Malware is just too financially rewarding for both the malware author and the wannabe hacker who subscribes to the service. The only good news is that companies are getting better at preventing infections since ransomware has become so prevalent.

Brien Posey is the vice president of research and development for Relevant Technologies. He writes technical content for a variety of publications and websites.

Tags: MSPs MSSP Insider Cloud and Edge Endpoint Network Security

Most Recent


  • Making Waves
    7 Channel People Making Waves This Week at AWS, Cisco, Snyk, CrowdStrike, More
    Earlier this year, ServiceNow made a $25 million strategic investment in Snyk. This followed Snyk closing a $196.5 million funding round.
  • AppDirect-TBI, latest channel M&A
    Latest Channel M&A: ReliaQuest, IBM, Broadcom, Amplix, More
    Absolute Software, Procure IT and Qlik were among other companies wheeling and dealing in May.
  • CwCJ with Palo Alto Networks
    Coffee with Craig and James Episode 124: Palo Alto Networks
    Cybersecurity is on the agenda, as we talk threats, channel program and more.
  • Choice of direction for Cisco partners
    Opportunities, Challenges Facing Cisco Partners
    Cisco Live was this week's event headliner. Reps from Computacenter, Molaprise, NTT and WWT weigh in on their experiences.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • zero trust security
    Leveraging Partner Expertise to Build a Zero-Trust Strategy
  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office
  • Threats
    Cybersecurity and Threat Protection: MSSPs, Get Your Advice Here
  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration

Upcoming Events

View all

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Galleries

View all

7 Channel People Making Waves This Week at AWS, Cisco, Snyk, CrowdStrike, More

June 9, 2023

Latest Channel M&A: ReliaQuest, IBM, Broadcom, Amplix, More

June 9, 2023

Images: Channel Partners Conference & Expo Best in Show Awards

June 9, 2023

Industry Perspectives

View all

Identity Is Increasingly Valuable – and Targeted

May 18, 2023

Gaining a Competitive Advantage through AV Managed Services

May 10, 2023

How to Build an Organization That Attracts and Retains Talent

May 1, 2023

Webinars

View all

From Problem to Profit: Mastering the Science of Selling Using Business Outcomes

May 9, 2023

Meet the 2023 Channel Futures Channel Influencers

April 13, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 124: Palo Alto Networks

Motus: Partners Grasping Mobile Workforce Management Opportunity

June 9, 2023

Coffee with Craig and James Episode No. 123: MartinWolf M&A Advisors, CP Expo Preview

April 24, 2023

UScellular Takes On Rivals with Partner Program Simplicity

April 21, 2023

Twitter

ChannelFutures

Channel people making waves include @mnair1, @George_Kurtz, @mike_at_vulcan, @jzoblin, @jpatel41 and more.… twitter.com/i/web/status/1…

June 9, 2023
ChannelFutures

.@motusdotcom wraps its #CPExpo experience, talks mobile workforce management opportunity in the channel.… twitter.com/i/web/status/1…

June 9, 2023
ChannelFutures

Find out why #companyculture is significant when planning a merger or #acquisition. dlvr.it/SqR4ks https://t.co/gAUxiEW4yE

June 9, 2023
ChannelFutures

Great conversation with @Tom_D_Evans of @PaloAltoNtwks talking #cybersecurity, channel, more.… twitter.com/i/web/status/1…

June 9, 2023
ChannelFutures

The latest channel M&A includes @ReliaQuest, @IBM, @Broadcom, @AmpliXIT and more. dlvr.it/SqQntD https://t.co/DektC1Xmz9

June 9, 2023
ChannelFutures

Find out why everyone is talking about generative AI and cloud in this exciting new article >>… twitter.com/i/web/status/1…

June 9, 2023
ChannelFutures

In just 4 days, #ChannelPartners will come together in #London for #ChannelEurope. Professionals from the IT & Tele… twitter.com/i/web/status/1…

June 9, 2023
ChannelFutures

Kicking off a multi-part series, get the inside scoop on what changes are taking pace in the channel. In this galle… twitter.com/i/web/status/1…

June 8, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X