Cybercrime-as-a-Service (CaaS)
What is Cybercrime-as-a-Service (CaaS)?
Cybercrime-as-a-Service (CaaS)An underground service model in which specialised criminal vendors sell tooling, infrastructure, or expertise so customers can run cyber attacks without building capabilities themselves.
Cybercrime-as-a-Service (CaaS) refers to the wider economy that has industrialised attacks. Sub-categories include Ransomware-as-a-Service (RaaS), Phishing-as-a-Service, Malware-as-a-Service, DDoS booters and stressers, Initial Access Brokers, infostealer log marketplaces (Genesis Market, RussianMarket, 2easy), bulletproof hosting, residential proxy networks, money muling, and cash-out services. Payment is usually in cryptocurrency, and many services adopt SaaS-like features such as web dashboards, support tickets, and revenue sharing. CaaS lowers the technical barrier for low-skill actors and gives experienced groups specialisation gains. Disruption relies on coordinated law-enforcement actions, sanctions, infrastructure takedowns, and cryptocurrency tracing.
● Examples
- 01
LockBit operated a RaaS panel allowing affiliates to build encryptors and manage victim negotiations.
- 02
Genesis Market sold infostealer-based browser fingerprints until its 2023 takedown by international law enforcement.
● Frequently asked questions
What is Cybercrime-as-a-Service (CaaS)?
An underground service model in which specialised criminal vendors sell tooling, infrastructure, or expertise so customers can run cyber attacks without building capabilities themselves. It belongs to the Defense & Operations category of cybersecurity.
What does Cybercrime-as-a-Service (CaaS) mean?
An underground service model in which specialised criminal vendors sell tooling, infrastructure, or expertise so customers can run cyber attacks without building capabilities themselves.
How does Cybercrime-as-a-Service (CaaS) work?
Cybercrime-as-a-Service (CaaS) refers to the wider economy that has industrialised attacks. Sub-categories include Ransomware-as-a-Service (RaaS), Phishing-as-a-Service, Malware-as-a-Service, DDoS booters and stressers, Initial Access Brokers, infostealer log marketplaces (Genesis Market, RussianMarket, 2easy), bulletproof hosting, residential proxy networks, money muling, and cash-out services. Payment is usually in cryptocurrency, and many services adopt SaaS-like features such as web dashboards, support tickets, and revenue sharing. CaaS lowers the technical barrier for low-skill actors and gives experienced groups specialisation gains. Disruption relies on coordinated law-enforcement actions, sanctions, infrastructure takedowns, and cryptocurrency tracing.
How do you defend against Cybercrime-as-a-Service (CaaS)?
Defences for Cybercrime-as-a-Service (CaaS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Cybercrime-as-a-Service (CaaS)?
Common alternative names include: CaaS, Crime-as-a-Service.
● Related terms
- malware№ 902
Ransomware-as-a-Service (RaaS)
A criminal business model in which ransomware operators rent their malware and infrastructure to affiliates who carry out attacks and share the proceeds.
- defense-ops№ 901
Ransomware Gang
A financially motivated cybercriminal group that develops, operates, or distributes ransomware to extort organisations through file encryption and data leak threats.
- defense-ops№ 536
Initial Access Broker (IAB)
A cybercrime specialist who obtains unauthorised access to corporate networks and sells that access to other criminals, especially ransomware affiliates.
- malware№ 531
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- defense-ops№ 1145
Threat Actor
An individual or group that intentionally causes or attempts to cause harm to information systems, organisations, or people through cyber operations.
● See also
- № 098Black Hat Hacker