Cybercrime Goes Saas: Renting Tools, Access, And Infrastructure

These days, the cybercrime ecosystem functions more and more like a subscription-based technology sector. Similar to the "as-a-service" model of legitimate cloud services, crime-as-a-service (CaaS) solutions allow inexperienced attackers to rent the resources and access they need to carry out attacks.

Cybercrime networks advertise scalable, on-demand services and pay-per-use models.

Although affiliate programs (RaaS) have long been used by ransomware gangs, nearly every aspect of online crime is now offered for a fee. In this blog, we discuss five ways cybercrime has shifted to a subscription-based business model, with notable differences from earlier practices.

Phishing-as-a-service (PhaaS) has transformed email scams from DIY operations into polished subscription services. Traditionally, a cybercriminal needed to assemble phishing pages, mailer scripts, and mailing lists by themselves or buy a one-time phishing kit.

Today, there are turnkey phishing platforms that handle everything from creating convincing pages to sending bulk emails, all for a recurring fee. Some underground developers even integrate AI to supercharge phishing.

For example, SpamGPT is an AI-powered spam-as-a-service tool that automates the production of phishing emails, cracking of email accounts, and maximization of delivery rates, essentially offering marketing-grade campaign tools to criminals. This means a would-be phisher can launch a professional-looking campaign with minimal effort.

Another innovation is the rise of malicious document builders like MatrixPDF, which turn ordinary PDFs into weaponized lures (adding fake login overlays, redirects, etc.) to slip past email filters. Criminal groups are selling these services and kits on subscription, complete with user guides and even customer support.

Our team analyzed data from 1,000 real-world IT environments and found that no organization was breach-proof.

In fact, 99% of organizations have exposed sensitive data that can easily be surfaced by AI.

Encrypted messaging platforms like Telegram have become hotbeds for cybercrime services, effectively leveraging Telegram’s API as the backbone for subscription-based criminal tools. One example is the proliferation of one-time password (OTP) bots.

Source: BleepingComputer