View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Malware-as-a-Service enabling novice threat actors to attack

Exploit kits readily available.

By Vinod

Malware-on-sale is assisting even novices in carrying out cyber attacks, while advanced tools are making the hackers remain anonymous by circumventing the attribution chain.

According to the Websense Security Labs 2015 Threat Report, MaaS (Malware-as-a-Service) is enabling even entry level threat actors to successfully create and launch data theft.

Availability of exploit kits on sale, rent, or subcontract, together with a combination of old techniques with newer ones, is resulting in attacks which are difficult to track back to the source.

The Websense report said that the old threats are being ‘recycled’ into new threats, launched through email and web channels and ‘challenging the most robust defensive postures’.

In 2014, 99.3% of malicious files used a Command & Control (C&C) URL that has been previously used by one or more other malware samples; 98.2% malware authors used C&C found in five other types of malware, the Websense report found.

One of the oldest vectors of attack, email, is still a potent attack launcher in spite of the evolution of the web.

Over 80% of 2014 emails scanned by Websense were found to be malicious, up by 25% from the previous year.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websense security research vice-president Charles Renert said: "Cyber threats in 2014 combined new techniques with the old, resulting in highly evasive attacks that posed a significant risk for data theft."

In spite of easier availability of malware, attackers are focusing on the quality of attack rather than on quantity.

According to the Websense report, security threats in 2014 decreased by over 5% in 2014 to 3.96 billion, but the targets of numerous attacks have been high profile organisations with huge security investments.

Adding to the troubles of cyber security are the new ways to erase the trail of attackers using cutting-edge tools.

Hackers are able to spoof information, circumvent logging and tracking or remain anonymous by using redirect chains, code recycling and several other techniques.

"In a time when Malware-as-a-Service means more threat actors than ever have the tools and techniques at hand to breach a company’s defenses, real-time detection across the Kill Chain is a necessity," Renert added.

Websense’s report cautions that insider threats, such as accidental or malicious actions by employees, will continue to be among the risk factors for data theft.

The emergence of Internet of Things (IoT) will increase security vulnerabilities as it grows to an estimated range of 20-50 billion connected devices by 2020.

"IoT offers previously unimaginable connectivity and applications, yet ease of deployment and the desire to innovate often override security concerns," the report observed.

Photo: courtesy of Pat138241 /

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.