top of page

Cyber criminals are getting more 'innovative'

The cyber threat landscape has reached a new level of commercialization and convenience for would-be attackers, with nearly all barriers to entry for committing cyber crime removed through the expansion of cyber crime-as-a-service according to Sophos' 2023 Threat Report.

The report details how ransomware remains one of the greatest cyber crime threats to organizations with operators innovating their extortion tactics, as well as how demand for stolen credentials continues to grow.

Criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (malware-as-a-service), as well as to sell stolen credentials and other data in bulk.

Sophos principal threat researcher Sean Gallagher said, “This isn’t just the usual fare, such as malware, scamming and phishing kits for sale. Higher rung cyber criminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors.

“The commoditization of nearly every component of cyber crime is impacting the threat landscape and opening up opportunities for any type of attacker with any type of skill level.”

With the expansion of the as-a-service economy, underground cyber criminal marketplaces are also becoming increasingly commodified and are operating like mainstream businesses. Cyber crime sellers are not just advertising their services but are also listing job offers to recruit attackers with distinct skills. Some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers are posting summaries of their skills and qualifications.

Indeed, as the cyber crime infrastructure has expanded, ransomware has remained highly popular—and highly profitable.



bottom of page