As we step over the cybersecurity threshold from 2022 to 2023 and look down range, we can expect the bad guys to continue to become more aggressive and efficient at their profession. One primary area of their expansion and continuous improvement will be “cybercrime as-a-service.” This ecosystem is flourishing and has lowered the barriers of entry for would-be cybercriminals. Anticipate that more miscreants will join their malevolent cohorts. The following are some areas of expected growth and evolution in the “as-a-service” cybercrime industry:

Ransomware aaS: A business model between ransomware operators and affiliates in which affiliates pay operators to launch ransomware attacks.

Malware aaS: This service distributes malware within specific regions and industry sectors.

Access aaS: The selling of access to compromised accounts and systems.

Phishing aaS: End-to-end service for phishing campaigns.

Vishing aaS: The renting of voice systems to send and receive calls that use voice bots to mimic humans in a native language using AI technology.

Scanning aaS: Access to legitimate commercial tools, including Metasploit, Burp Suite, and Cobalt Strike, to find and exploit vulnerabilities.

Spamming aaS: Bulk spamming through a medley of means, including SMS and email.

OPSEC aaS: Operational security to minimize the risk of detection and attribution.

The assault infrastructure expansion and attack execution of threat actors mean teams responsible for cybersecurity within their respective organizations must pursue cyber resiliency by creating a culture of intent, and response readiness, reducing dwell time, turning dysfunction into function, and committing to improving overall cyber posture.

Contact us to learn more about how we can help your team with its cyber resiliency and response preparation and succeed in hybrid or surge-ops mode in the cyber fight against the bad guys!