
Impacts to Enterprise Security: A Look at as-a-service Attacks

  • Posted on: January 24, 2019
  • Posted in: Business, Ransomware, Security
  • Posted by: Trend Micro

Ever since certain solutions began to be offered “as-a-service,” the market for this method of delivery has exploded. Now, elements like software-as-a-service, infrastructure-as-a-service and platform-as-a-service are mainstay components of enterprise IT, with the market values to prove it.

According to MarketWatch, the global SaaS market is on track to expand by a more than 20 percent compound annual growth rate, reaching a value of $185.8 billion by 2024. Allied Market Research reported that the IaaS market will see an even larger CAGR of more than 25 percent through 2023, surpassing $92 million; and Market Research Future forecast that the PaaS sector will reach $12.12 billion through 2022 thanks to a 26 percent CAGR.

The as-a-service model comes with considerable benefits, including lower front-end investments and more consistent uptime and performance of key solutions. Understandably, enterprises of all sizes across industry sectors are now flocking to as-a-service models – and they aren’t the only ones.

Cybercriminals are also jumping on board, with as-a-service threats that make infiltration, data theft and malicious profit more accessible than ever before. Let’s examine the trend of as-a-service threats, and what this means for enterprise data security.

Ransomware-as-a-service

Currently, several different malware samples and threats are being made available in as-a-service capacities through underground marketplaces. However, one of the most formidable of these is ransomware-as-a-service.

Trend Micro reported on this growing trend when it was first emerging in 2016, explaining that samples including one called “Stampado” were being offered for sale in the Deep Web. Hackers were providing the sample alongside a “lifetime license,” costing only $39 at the time.

“This is exactly how ransomware as a service (RaaS) works – do-it-yourself (DIY) kits are sold in forums, making it incredibly easy even for nontechnical people to mount a ransomware operation of their own,” Trend Micro noted in its Security News blog.

Similar to other ransomware samples, this RaaS kit included a sample that encrypted files once executed on a victim’s machine, locking users out of data and displaying a warning notification demanding ransom payment for the decryption key. Rather than requiring attackers to build the ransomware code themselves, however, RaaS kits provide everything attackers need to disperse a data-and-file-locking threat onto one or multiple victim systems.

And, as we’ve learned from the scope of past ransomware attacks, the more victims that can be infected, the higher the potential for profit for hackers supporting the attacks. As Trend Micro pointed out in the Security News blog, infection and attack results also depend on the type of organization attacked, and the different kinds of data the ransomware is preventing access to.

Locking users out of highly sensitive data – particularly when no backups are in place – can boost the motivation to pay the ransom. And in some cases, the attack doesn’t end there – hackers have been known to demand a second ransom after successful payment of the first, maintaining the robust encryption preventing victims from accessing their data.

Combining threats: Ransomware and cryptocurrency mining malware

This year, the RaaS threat saw an upgrade with the discovery of an exploit kit that contained not only the GandCrab ransomware sample, but also a powerful cryptocurrency-mining malware. The so-called Rig exploit kit had been on the market since July 2018, but in August, researchers including Trend Micro’s Fraud Researcher Joseph Chen noticed a change – as opposed to delivering the GandCrab ransomware, the kit included a then-unknown sample, which was subsequently identified by Trend Micro researchers as the Princess Evolution ransomware.

As Chen pointed out, this effective malware combo contained in the kit translated to a dangerous threat. And making matters worse is the fact that, based on activity within underground forums observed by Trend Micro researchers, hackers were providing this ransomware-and-cryptocurrency-mining kit in a ransomware-as-a-service capacity, and were on the hunt for supporters.

“[I]t appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates,” Chen wrote. “Even if users aren’t diverted to the exploit kit and infected with the ransomware, the cybercriminals can still earn illicit profit through cryptocurrency mining.”

The Princess Evolution/cryptocurrency mining exploit kit was far from the first time this kind of double-whammy threat emerged. As noted in an October 2016 Security News blog post, one of the very first well-known kits was the Blackhole Exploit Kit, which first came about back in 2013 and included the well-known CryptoLocker sample. Since then, other kits – like the Angler, Neutrino and Magnitude exploit kits – were made available.

This method of delivery became so popular that by Q4 of 2016, 18 percent of all ransomware families were arriving on victim systems through exploit kits. As activity has shown, hacker success with an exploit kit wasn’t too difficult to come by.

“What makes exploit kits an effective means of delivering a myriad of threats? They require less user action, for one, as they take advantage of unpatched vulnerabilities in the most popular software,” Trend Micro pointed out. “At any given time, networks will always have vulnerabilities, especially if they use legacy systems or software.”

What’s more, while activity connected with the likes of the Angler exploit kit has considerably slowed since it first emerged, there is always the next big power combo of threats to take its place. For example, just as Angler began dying down, infections at the hands of Neutrino exploit kit rose sharply.

The danger of as-a-service attacks

No matter what threats a robust exploit kit or ransomware-as-a-service system might include, the bottom line is that these represent a significant and particularly dangerous threat to enterprise security. Overall, as-a-service and other exploit kits are coming up for sale much more often on the Dark Web and underground marketplaces, and as Trend Micro pointed out, they are considerably affordable.

This means that even those without malicious (or any) technical experience can buy up an as-a-service sample or exploit kit for a cost-efficient price, and launch attacks on targets at will. In the case of exploit kits, which often leverage a zero-day threat to support successful intrusion, the risk increases.

“As cybercriminals continue to use the deadly exploit-kit-ransomware combination, enterprises must contend with the risks of infection, along with any other new-fangled malware exploit kit operators decide to deliver,” Trend Micro noted in its Executive Series guide on Exploits-as-a-Service.

Check out Trend Micro’s guide, and reach out to one of our expert security advisors today to learn more.
