Welcome to the November 2022 issue of your Computing Security Newsletter.

The cyberthreat landscape has reached a new level of commercialisation and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service.

The disturbing news comes in a 2023 Threat Reportrecently released by Sophos.

The report also addresses how ransomware remains one of the greatest cybercrime threats to organisations with operators innovating their extortion tactics, as well as how demand for stolen credentials continues to grow.

Criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (‘malware-as-a-service’), as well as to sell stolen credentials and other data in bulk. Over the last decade, with the increasing popularity of ransomware, an entire ‘ransomware-as-a-service’ economy sprung up. Now, in 2022, this as-a-service model has expanded and nearly every aspect of the cybercrime toolkit—from initial infection to ways to avoid detection—is available for purchase.

"This isn't just the usual fare, such as malware, scamming and phishing kits for sale," says Sean Gallagher, principal threat researcher, Sophos. "Higher-rung cybercriminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors."

As if the security challenges already facing businesses were not enough, it would appear that 2023 is likely to see these become a great deal worse.

Brian Wall, Editor
Computing Security

To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.

Follow us :