- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Domain of Application >
- Trend snippet: Crimeware as a service
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Crimeware as a service
criminals work with independent contractors, freelancers and affiliates is one that doesn’t seem to be going away anytime soon.
It can be helpful to think of malware makers as a form of software startup. Scrappy at first, the successful makers eventually earn a loyal following. And there can be just as many business models for malicious software as there are for legitimate software. The term “crimeware” is intentionally broad; some creators of malware, or of the tools that enable malware to be delivered with ease or to enhance it with new features, don’t sell their product outright, but license it as you might buy a one-year license for the Adobe Creative Suite. We’ve called this class of business model “crimeware-as-a-service,” (CaaS) and it seems poised to be the new normal. One of the more notorious examples of a CaaS malware is Emotet. The spam-delivered trojan has been around for years, and seems to be centered around a smooth experience for the would-be criminal. Emotet is one of a class of malware collectively referred to by security researchers as loaders. Emotet exists primarily to deliver other malware to a target’s computer. It accomplishes this job with a sophisticated network that distributes weaponized spam emails to large volumes of targets.
Emotet, however, has gone through two dark periods so far this year. The malware remained in communication with its C2 servers over a nearly five-month period in which the spam emails that normally deliver attacks evaporated completely. Spam emails delivering Emotet mysteriously resumed in July. Dharma ransomware is another CaaS malware of note. Unlike its pricier relations, Dharma maintains a fixed, small ransom. The reason comes down to Dharma’s business model: It’s the ransomware with training wheels on, for aspiring criminals who need to learn the ropes. Those criminals pay essentially a subscription fee to obtain payloads from the Dharma creators, and split the proceeds of any attacks with them. As attackers branch out into specialties and sub-specialties, it seems the business model in which criminals work with independent contractors, freelancers and affiliates is one that doesn’t seem to be going away anytime soon.