insider threats

Malware-as-a-Service: How to Keep Your Business Safe


You have probably heard of—and most likely used—at least one technology solution delivered through the Software-as-a-Service (SaaS) model. SaaS means that the service “lives” in the cloud instead of your company’s servers, and all you need to do is “plug into” the cloud to use it. SaaS usually has an associated subscription fee which is how SaaS providers earn their revenue. Ease of access, lower cost, endless scalability, instant updates, and increased security are the main selling points of SaaS—and the reason more and more technology mastodons are shifting to this delivery model and more and more business owners are choosing it. Adobe Cloud, Microsoft 365, Salesforce, Shopify and many others are all examples of SaaS where instead of owning a copy of a program you tap into everything it has to offer through the cloud. 


Well, on the dark side of the Internet, a different “aaS” rules them all: Malware-as-a-Service (MaaS). 


What is MaaS? 

Malware-as-a-Service, or MaaS, takes the idea of SaaS and brings it to the “dark side.” When a cybercriminal or a digital profeteer with solid coding skills creates a MaaS solution, he or she can then lease this malicious software endlessly to hackers to execute massive-scale attacks without pouring their own sweat into the deal. As long as they can pay a licensing fee, they can keep hacking. 


MaaS clients get the same pleasant perks most SaaS clients receive: terms of service, a visually pleasant personal dashboard, a secure login, and technical support. “The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones,” says the 2016 Trustwave Global Security Report.


Top Exploits Targeted by MaaS

MaaS software uses various tactics to achieve the desired result and hack a business or individual. The most popular, as we discuss elsewhere on the blog, are ransomware, malware, and phishing.  


Earlier this year, the Joint Cybersecurity Advisory made up of the US FBI and CIA, the Australian CSC, and the UK’s NCSC has released the list of the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by hackers. Because MaaS is not a unique cyber threat but rather a more aggressive delivery method, these CVEs are worth paying close attention to minimize the risks. The vulnerabilities primarily reside in the software products from Microsoft, Citrix, Pulse, and more. The most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies, according to the report. The full list of CVEs is available on the agency site.    


How to Protect Business from MaaS?

The following actions will reduce the risk of a MaaS attack and help protect your business: 

  1. Keep your software up-to-date by installing new patches as soon as they are released. A hands-off solution but busy business owners is centralized patching via an MSP. 
  2. Enable automatic software updates. 
  3. If it is impossible to keep all software up-to-date, focus on known CVEs and remote-facing applications and devices. 
  4. Implement managed EDR for advance threat protection. 
  5. Implement the Zero Trust framework.
  6. Train your staff on all levers in cybersecurity and threat detection. 3nom’s Free Security Webinars are a great place to start.  


To give yourself a better view of how much a cyber attack may cost your business, fill out our Cyber Attack Cost Calculator form.  


The more advanced cyber threats become, the more important it becomes to have a cybersecurity expert on call and monitoring your systems 24/7. 3nom is the leading East Coast IT expert with over 30 years of experience, ready to develop a customized and comprehensive cybersecurity strategy for your business that fits your goals and budget. Schedule your free 30-minute cybersecurity consultation to get started today.    




Improve Your Productivity

Subscribe to learn more