Everything-as-a-service is a defining characteristic of our current corporate landscape. Perhaps it was inevitable that the concept eventually spread to the Internet’s darkest corners as crimeware-as-a-service (CaaS).
Today, skilled threat actors sell their cybercrime tools and services to networks of malicious actors. This enables the specialization and selling of criminal services in a manner mirroring that of the legitimate business world. The increasing sophistication of cyber criminals comes as no surprise given the growing profit potential of cyber attacks.
Unfortunately, the trend of CaaS will likely accelerate in the coming year as connectivity and new technologies expand the attack surface. In particular, ransomware-as-a-service (RaaS) is likely to proliferate and continue to target organizations and government agencies. The legacy nature of some industry and government data systems means the RaaS wave is still cresting and unlikely to break in 2020.