The Worrying Growth of Cybercrime as a Service

Read More

Software as a Service (SaaS)…

Platform as a Service (PaaS)…

Infrastructure as a Service (IaaS)…

and now even…

Anything as a Service (XaaS)!

Then why not Cybercrime as a Service (CCaaS)?!

Cybercrime as a Service (CCaaS) is already a big problem for organizations and governments worldwide. Here’s what you should know about CCaaS, whether you’re an individual, business owner, company manager, or cybersecurity professional.

What is Cybercrime as a Service?

CCaaS describes an organized business model where cybercriminals, malware developers, and other threat actors sell their cybercrime services to potential customers. 

Virtually anyone can now launch a cyberattack or participate in some kind of cybercrime because CCaaS makes it easy for them to access the services, expertise or tools of an expert cybercriminal. The “customer” does not need to have any technical knowledge or coding skills, because their CCaaS vendor does all the groundwork that’s required to quickly launch a successful cyberattack with very little effort. Due to its shady and illegal nature, CaaS only operates on the dark web.

How CCaaS Works

Ironically, CCaaS vendors are organized like legitimate businesses. They have developers and engineers to manage the technical aspects of their offerings. Many also hire tech support representatives to resolve customer queries.

Almost all CCaaS vendors also have money mules to launder illegally acquired payments. Some also offer bulletproof hosting services, meaning they will look the other way if their services or hardware are used to launch a cyberattack.

Why Everyone Should Worry about the Growth of CCaaS

CCaaS makes it possible to both commercialize and scale cybercrime. A cybercriminal who can easily buy a CaaS subscription can also easily perpetrate any kind of attack on their chosen victim. Thus, with the help of CCaaS, a threat actor could:

  • Launch a malware attack

  • Engage in cyber extortion

  • Launch distributed denial-of-service (DDoS) attacks

  • Send phishing emails

  • Install keyloggers on victims’ devices

  • Steal money from digital currency wallets, bank ATMs, etc.

Further, the CCaaS landscape is constantly growing, with a whole host of businesses operating under its umbrella, including:

Ransomware as a Service (RaaS)

RaaS is a subscription-based model that allows a wannabe ransomware attacker to purchase ready-to-use ransomware toolkits to attack their victims quickly, easily, and without any technical or coding skills

Shadow broker services

They provide a monthly data dump so customers can access exploits, hacking tools and zero days.

Exploit kit makers

They’re often sold in underground forums, and enable cybercriminals to launch malware campaigns, install malvertisements, and launch watering-hole attacks and targeted attacks.

Botnets for rent

Cybercriminals use botnet rental services to access a network of infected computers and leverage it to distribute spam or launch DDoS attacks.

Modular malware

Vendors create customized modular malware that can selectively launch different payloads, and is more evasive and dangerous than typical document- or web-based malware.

Phishing as a Service

This CaaS offering allows attackers to easily deploy phishing campaigns to sensitive data like credentials – cheaply, and at scale.

The prices of each offering vary, depending on its sophistication, purpose, and intended attack scale. So while low-end malware kits may cost just $100, a Neutrino Exploit Kit can cost $7000 or more.

From a few lone hackers to hundreds of professionally-run businesses, the CCaaS market has matured rapidly in just a few years. It will continue to do so in future, making it even easier for cybercriminals to attack even more victims.


As the CCaaS economy matures and the supply chain becomes more professional, cybercrime will become even more consumerized. Luckily, there’s some good news. Many cyber criminals use the same CCaaS tools. Threat researchers are already studying these tools and looking for ways to detect and mitigate attacks launched with them.

But organizations should not rely on threat researchers – or law enforcement – to protect themselves. Rather, they should proactively assess their own cybersecurity to understand the cybercriminal mindset and act to strengthen their IT infrastructure. Penetration testing is one powerful way to do this.

Packetlabs provides cutting-edge pen testing services to help organizations mitigate the risks of Cybercrime as a Service. Contact us to know how we can add value to your cybersecurity ecosystem with pen testing.

Featured Posts

See All

- Blog

London Drugs Gets Cracked By LockBit: Sensitive Employee Data Taken

In April 2024, London Drugs faced a ransomware crisis at the hands of LockBit hackers, resulting in theft of corporate files and employee records, and causing operational shutdowns across Canada.

- Blog

Q-Day And Harvest-Now-Decrypt-Later (HNDL) Attacks

Prime your knowledge about post-quantum encryption and risks it creates today via Harvest-Now-Decrypt-Later (HNDL) attacks.

- Blog

The Price vs. Cost of Dark Web Monitoring

Learn more about the price vs. cost of Dark Web Monitoring in 2024, as well as the launch of Packetlabs' Dark Web Investigators.