Cover Image for 4 Ways Threat Actors Monetize Malicious Code and How to Respond

4 Ways Threat Actors Monetize Malicious Code and How to Respond

01.10.23 | By Ascent

It’s January: time for that reading and research you set aside during the holidays. We did the leg work though, combing all 114 pages of Microsoft’s Digital Defense Report for 2022 so you can take action in the new year.

Our Central Take-Away from Microsoft’s Digital Defense Report

Hackers have bosses and budgets too. And the dark web operates in tandem with fresh attack vectors and tools to sell. The MDDR points out defending organizations have shifted from passive to proactive, so threat actors respond in kind,operat[ing] sophisticated profit enterprises, offering cybercrime, ransomware, phishing, and malware-as-a-service.”

Cybercriminals continue to create fresh tools for breach, specifically creating vendor offerings similar to the cybersecurity industry. Software with malicious purposes makes hacking accessible across skill levels—all the threat actor needs is money and position to operate dangerous tools against vulnerable organizations. Microsoft analysts note the mass production and user focus of the cybercrime market “allows greater flexibility in launching widespread attacks on a higher number of targets.”

Pre-packaged tools allow attackers to spend more energy on trojan horse methods—breaching a trusted network from which to launch targeted attacks.

Experienced attackers employing the Cybercrime-as-a-service (CaaS) approach across the dark web is not only financially lucrative but also provides access to pre-packaged tools allowing attackers of all experience levels access to compromised business networks and to some of the most sophisticated ransomware, malware, and phishing campaigns – while ensuring a level of anonymity, culpability, and plausible deniability.

4 Black-Market Monetization Methods According to the MDDR

Microsoft analysts outline four central methods used in hacker monetization:

Cybercrime as a service (CaaS): The Microsoft Digital Crimes Unit (DCU) observed continued growth of the CaaS ecosystem with an increasing number of online services facilitating various cybercrimes, including Business Email Compromise (BEC) and human-operated ransomware.

Ransomware as a Service (RaaS): Ransomware is now a sophisticated industry with threat actors using double or triple extortion tactics to extract a pay out and developers offering ransomware as a service (RaaS).

Phishing as a service (PhaaS): PhaaS is one example of an end-to-end cybercrime service. PhaaS is an evolution of prior services known as fully undetectable services and is offered on a subscription basis.

Malware as a Service (MaaS): MaaS has moved into large scale operations against civil infrastructure and utilities (including hospitals, oil and gas, electrical grids, transportation services, and other critical infrastructure) as well as corporate networks. Significant research efforts are required by threat actors to uncover and exploit the configuration of operating environments and embedded internet of things (IoT) and operational technology (OT) devices.

Factors for Breach Success

According to Microsoft, almost 92% of impacted organizations they assisted did not implement effective data loss preventions. It is crucial for all organizations to deploy the right data protection processes, remain vigilant of trending attacker techniques, tactics, procedures, and publicly announced common vulnerabilities and exposures (CVE) from software vendors, developing situational awareness of your organizational exposure on both the clear/dark web, and assessing the risks that each of these considerations will likely pose towards your organization’s current security posture.

What Makes an Organization Resilient?

As Microsoft tracked, many cyberattacks are successful simply because basic security hygiene has not been followed. In fact, cyber hygiene still protects against 98% of all attacks.

So how should organizations improve cyber hygiene and prepare for breaches? We would recommend IT leadership communicate how cybersecurity supports and meets business goals. Instead of just promoting the latest ransomware statistics, highlight how proper procedures protect critical business processes and supply chain fulfillment.

When’s the last time your organization had a life-like breach response test? In order to expect basic cyber measures to be taken, leadership should practice regular tabletop exercises. Attackers are always going to have the advantage of timing—they decide when the attack is going to happen. Our advantage is hardwiring enterprise infrastructure against vulnerabilities and creating a culture of cyber-aware individuals.

Take Cyber Hygiene to the Next Level

Microsoft’s Digital Defense Report is a crucial knowledge base for cyber defenders, ready to be implemented by a trusted partner. We’re passionate about holistic digital resiliency—for the security and freedom of the people who support your organization and for a fair and equitable digital economy. For more information on digital hygiene and how we leverage the full Microsoft security and office suite, reach out to

Share this Post
Whether you’re starting your cybersecurity journey or you’re improving your security posture, our team is passionate about protecting your people and business.
Ascent Solutions recognized as a Microsoft Security Excellence Awards winner for Security Customer Champion  

May 8, 2024 – Ascent is recognized as the 2024 MISA Security Customer Champion award winner.

How to Improve the Economics of Your Security Strategy

April 30, 2024 – IT and cybersecurity are tightly linked to budgets, but not all costs are quantified in dollars.

Right-sized Security: Choosing Managed Services for Your Business

April 17, 2024 – Managed security is cost effective, but sometimes the range of services offered feels overwhelming. Read on for a right-sized approach.