According to a report from Darktrace, Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools have become the malicious tools most commonly used by attackers [2]. The report highlights the dominance of as-a-Service attacks, particularly MaaS infections, in the threat landscape during the second half of 2023.


According to the Darktrace report, the threat landscape in the second half of 2023 was dominated by as-a-Service attacks, with MaaS infections identified as the biggest threat to organizations [1] [3]. These infections combine malware loaders, such as remote access trojans (RATs) [1] [3], with information-stealing malware [1] [2] [3] [4], which makes them more dangerous [1] [3]. Notable examples of this combination include ViperSoftX, an information stealer and RAT that targets privileged information such as cryptocurrency wallet addresses and passwords [3], and the Black Basta ransomware, which spreads the Qbot banking trojan for credential theft [1] [2] [3]. The report also mentions the dismantling of Hive ransomware, leading to the emergence of new threats like ScamClub and AsyncRAT [4]. Additionally, the report emphasizes the evolving nature of malware and ransomware threats, as well as the changing tactics and techniques employed by attackers. It notes that attackers are using generative AI tools to create more convincing phishing campaigns that effectively bypass organizations’ defenses [3]. The report does not provide specific details on the most commonly observed MaaS tools during the investigated period [1].


The study reveals that malware loaders make up 77% of investigated threats, followed by cryptominers at 52% and botnets at 39% [2]. Information-stealing malware accounts for 36% of threats, while proxy botnets make up 15% [2]. Darktrace identified Hive ransomware as a major RaaS attack in early 2023, but with its dismantling [2] [4], other threats like ScamClub and AsyncRAT have emerged [2]. A new trend is the development of multi-functional malware that combines capabilities to maximize damage [2]. The recent Black Basta ransomware, for example, also spreads the Qbot banking trojan for credential theft [1] [2] [3]. Such multi-tasking malware allows attackers to monetize infections on a larger scale [2]. It is crucial for organizations to be aware of these evolving threats and to employ effective defenses to mitigate the risks posed by as-a-Service attacks and the changing tactics of attackers.