How Cybercrime-as-a-Service is a Growing Enterprise Threat

Darktrace's latest Annual Threat Report finds Malware-as-a-Service (MaaS) is now responsible for more than half (57%) of all cyber threats to organisations

Cyber threats are becoming increasingly sophisticated and complex to defend against, with new data from Darktrace’s 2024 Annual Threat Report revealing that Malware-as-a-Service (MaaS) is now responsible for 57% of all cyber threats to organisations. 

Darktrace says this trend highlights the rapid growth of Cybercrime-as-a-Service (CaaS) models, which are making it easier for even low-skilled or less experienced attackers to launch disruptive attacks against businesses.

The report is based on observations by Darktrace’s Threat Research Team across nearly 10,000 customers spanning all major industries globally. It highlights a shifting, quickly evolving threat landscape in which common security threats continue to grow in complexity and sophistication.

The persistence of Cybercrime-as-a-Service

The evolution of CaaS, particularly Ransomware-as-a-Service (RaaS) and MaaS, has allowed cybercriminals to gain access to sophisticated attack tools without requiring advanced technical skills. 

Darktrace finds that MaaS-driven attacks increased by 17% in the latter half of 2024, rising from 40% to 57% of total campaign activity.

Remote Access Trojans (RATs) have also surged, accounting for 46% of campaign activity in the second half of the year compared to just 12% earlier. RATs provide attackers with remote control over infected devices, enabling data theft, credential harvesting and surveillance.

Darktrace’s Threat Research team identified multiple ransomware groups, including both new and re-emerging threats such as Lynx, Akira, RansomHub, Black Basta, Fog and Qilin. 

While phishing remains a common attack vector, Darktrace says that cybercriminals are now employing more sophisticated techniques, including using legitimate software like AnyDesk and Atera to evade detection, as well as employing Living-Off-The-Land (LOTL) tactics to move laterally within networks undetected.

Phishing: the gateway to cyber attacks

Phishing continues to be one of the most effective attack methods against organisations and businesses, with over 30.4 million phishing emails detected across Darktrace’s customer base between December 2023 and December 2024. 

However, attackers are continuously refining their methods to make phishing campaigns more convincing and difficult to detect. Key findings from the report include:

  • 38% of phishing attempts were spear phishing attacks targeting high-value individuals.
  • 32% leveraged advanced social engineering techniques, including AI-generated text designed to bypass traditional security filters.
  • 70% successfully passed DMARC authentication, evading common email security measures.
  • 55% bypassed all existing security layers before being detected by Darktrace.
  • Over 940,000 malicious QR codes were identified.

Attackers are also increasingly exploiting trusted third-party services commonly used within the enterprise such as Zoom Docs, QuickBooks, HelloSign, Adobe and Microsoft SharePoint to distribute phishing emails. This increases the success rates of their campaigns and bypasses traditional security filters.

Nathaniel Jones, VP, Threat Research; Field CISO, AI and Security Strategy Practice at Darktrace

Nathaniel Jones, VP of Threat Research at Darktrace, explains: “Email is at the forefront of the evolving threats we’re seeing across the threat landscape. 

“Ransomware-as-a-Service tools, combined with the growing use of AI, are allowing even low-skilled attackers to engineer convincing, targeted email attacks at scale, making it harder than ever for traditional security measures to keep up.”

Exploiting edge device vulnerabilities

Rather than causing immediate disruption, many attackers are focusing on stealthily gaining access to networks through vulnerabilities in edge devices such as firewalls and VPNs - in 2024, 40% of all campaign activity involved exploiting internet-facing devices. 

Additionally, attackers are increasingly using stolen credentials to access remote network solutions like VPNs. Once inside, they leverage legitimate tools already present in the network to remain undetected while carrying out their attacks.

Traditional security tools struggle to differentiate between legitimate administrative activity and malicious use of system tools. This challenge is not limited to nation-state actors, says Darktrace. Smaller cybercriminal groups are also adopting these tactics to avoid the need for custom malware development, which can be easily detected once threat intelligence indicators are published.

Building cyber resilience: a C-level imperative

For business leaders, Darktrace says this more complex landscape means taking a proactive approach to cybersecurity, with several core areas of focus:

  • Enhancing email security through AI-driven solutions that detect sophisticated phishing attempts before they reach employees.
  • Strengthening edge defences to close vulnerabilities.
  • Improving access management through multi-factor authentication and monitoring.
  • Investing in AI-driven threat detection, including self-learning AI systems that can establish a baseline of normal network activity and flag anomalies in real time.

“The combination of Cybercrime-as-a-Service, automation, and AI is increasing the sophistication and diversity of attack techniques faster than ever—from AI-enhanced phishing campaigns to evolving ransomware strains,” says Nathaniel. 

“Detecting and responding to threats in progress is no longer sufficient. Organisations must prioritise cyber resilience by proactively addressing weaknesses across systems, people and data before attackers can exploit them.”



Cyber Magazine is a BizClik brand