{"id":10340,"date":"2026-03-12T09:00:00","date_gmt":"2026-03-12T09:00:00","guid":{"rendered":"https:\/\/www.withsecure.com\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/"},"modified":"2026-03-12T09:00:00","modified_gmt":"2026-03-12T09:00:00","slug":"changing-economics-of-cybercrime-as-a-service","status":"publish","type":"lab_item","link":"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/","title":{"rendered":"The Changing Economics of Cybercrime-as-a-Service: What Defenders Need to Know"},"content":{"rendered":"<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-1 wp-block-one-column-block--meta-sharing layout--spacing-xxxxl-top layout--spacing-xl-bottom\"\n    >\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                            <div class='wp-block-one-column-block__meta-sharing-grid'><div class=\"wp-component-content wp-component-content--default wp-block-one-column-block__content fade-in\">\n            <h1 class=\"wp-component-heading text--h2 wp-component-content__title\">\n    The Changing Economics of Cybercrime-as-a-Service: What Defenders  <span class=\"blue-text\">Need to Know<\/span><\/h1>                    <div class=\"wp-component-content__inner\">\n                                                    <div class=\"wp-component-content__meta\">\n                                                                            <span class=\"wp-component-content__meta-categories\">\n                                                                    <span class=\"wp-component-content__meta-category\">\n                                        Network Security                                    <\/span>\n                                                                    <span class=\"wp-component-content__meta-category\">\n                                        Ransomware                                    <\/span>\n                                                            <\/span>\n                                                                                                    <span class=\"wp-component-content__meta-date\">\n                                12 3\u6708, 2026                            <\/span>\n                                                                    <\/div>\n                                            <\/div>\n                <\/div><section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--content-1 wp-block-sharing-icons--disable-container wp-block-one-column-block__sharing fade-in wp-block-one-column-block__sharing fade-in\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    \u30b7\u30a7\u30a2\u3059\u308b                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/&#038;title=The%20Changing%20Economics%20of%20Cybercrime-as-a-Service:%20What%20Defenders%20Need%20to%20Know\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link\" title=\"Linkedin\u3067\u5171\u6709\u3059\u308b\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a href=\"http:\/\/x.com\/share?text=The Changing Economics of Cybercrime-as-a-Service: What Defenders Need to Know&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link wp-component-socials__link--twitter\" title=\"\u30c4\u30a4\u30c3\u30bf\u30fc\u3067\u5171\u6709\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<\/div>                                                                            <div class=\"wp-component-image__wrapper wp-block-one-column-block__image fade-in\">\n                    <\/div>\n                                                                                <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-1 layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                                    <div class=\"wp-component-image__wrapper wp-block-one-column-block__image fade-in\">\n                    <figure class=\"wp-component-image__figure\">\n                                            <img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"800\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research.jpg.webp\" class=\"wp-component-image\n                            wp-component-image--desktop\n                            wp-component-image--mobile\n                            wp-component-image--ratio-content-25-1 wp-component-image--fit-cover\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research.jpg.webp 1200w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research-300x200.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research-1024x683.jpg.webp 1024w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research-768x512.jpg.webp 768w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research-447x298.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_research-219x146.jpg.webp 219w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/>                                                    <\/figure>\n                    <\/div>\n                                                                                <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-two-column-block edwp-block js-wp-block-two-column-block wp-block-two-column-block--content-1 wp-block-two-column-block__left--align-y-top wp-block-two-column-block__right--align-y-top wp-block-two-column-block--split-sidebar layout--none-top layout--spacing-xxxl-bottom\"\n    data-block-id=\"block_089d6c6ad75cdd2daff5a6fd301af64f\"\n    >\n    <div class=\"wp-block-two-column-block__container row-load\">\n                                                        <div class=\"wp-block-two-column-block__left\">\n                                    <div class=\"wp-component-authors-list wp-block-two-column-block__authors\">\n                    <p class=\"wp-component-authors-list__title\">\n                Authors            <\/p>\n        \n        <div class=\"wp-component-authors-list__items\">\n                                                <div class=\"wp-component-author-card \">\n    <div class=\"wp-component-author-card__media\">\n                    <span class=\"wp-component-author-card__photo-placeholder\" aria-hidden=\"true\">\n                <svg viewBox=\"0 0 64 64\" role=\"presentation\" focusable=\"false\">\n                    <path d=\"M32 34c-8.1 0-14.7 6.6-14.7 14.7v3.5h29.4v-3.5C46.7 40.6 40.1 34 32 34z\"><\/path>\n                    <path d=\"M32 31.2c6 0 10.9-4.9 10.9-10.9S38 9.4 32 9.4s-10.9 4.9-10.9 10.9S26 31.2 32 31.2z\"><\/path>\n                <\/svg>\n            <\/span>\n            <\/div>\n    <div class=\"wp-component-author-card__content\">\n                    <h3 class=\"wp-component-author-card__name\">Neeraj Singh<\/h3>\n        \n                \n            <\/div>\n\n<\/div>\n\n                                    <\/div>\n\n            <\/div>\n<nav\n    class=\"wp-component-content-navigation wp-block-two-column-block__content-nav js-content-navigation\"\n    data-bem-base=\"wp-component-content-navigation\"\n    data-nav-column=\"left\"\n    data-nav-type=\"auto\"\n>\n            <p class=\"wp-component-content-navigation__title\">\n            Content        <\/p>\n    \n    <div class=\"wp-component-content-navigation__mobile\">\n        <label class=\"wp-component-content-navigation__mobile-label\">\n            <span class=\"wp-component-content-navigation__mobile-label-text\">\n                \u30b3\u30f3\u30c6\u30f3\u30c4\u30ca\u30d3\u30b2\u30fc\u30b7\u30e7\u30f3            <\/span>\n            <select class=\"wp-component-content-navigation__select js-content-navigation-select\">\n                <option value=\"\">\n                    \u30bb\u30af\u30b7\u30e7\u30f3\u3092\u9078\u629e                <\/option>\n                            <\/select>\n        <\/label>\n    <\/div>\n\n    <div class=\"wp-component-content-navigation__desktop\">\n        <div class=\"wp-component-content-navigation__list-wrapper\">\n            <span\n                class=\"wp-component-content-navigation__indicator js-content-navigation-indicator\"\n                aria-hidden=\"true\"\n            ><\/span>\n            <ul class=\"wp-component-content-navigation__list js-content-navigation-list\">\n                            <\/ul>\n        <\/div>\n    <\/div>\n<\/nav>\n<section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--disable-container wp-block-two-column-block__share wp-block-two-column-block__hide-mobile wp-block-two-column-block__share wp-block-two-column-block__hide-mobile\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    Share this story                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/&#038;title=The%20Changing%20Economics%20of%20Cybercrime-as-a-Service:%20What%20Defenders%20Need%20to%20Know\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link\" title=\"Linkedin\u3067\u5171\u6709\u3059\u308b\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a href=\"http:\/\/x.com\/share?text=The Changing Economics of Cybercrime-as-a-Service: What Defenders Need to Know&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link wp-component-socials__link--twitter\" title=\"\u30c4\u30a4\u30c3\u30bf\u30fc\u3067\u5171\u6709\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n                <\/div>\n                                                <div class=\"wp-block-two-column-block__right\">\n                                <div class=\"wp-component-paragraph wp-block-two-column-block__paragraph \">\n    <p>Back in 2023, when we last wrote about <a href=\"https:\/\/www.withsecure.com\/content\/dam\/with-secure\/en\/resources\/WS_Professionalisation_of_CyberCrime_EN.pdf\">Cybercrime-as-a-Service<\/a>, we described cybercrime as an economy that had figured out how to scale. Ransomware-as-a-Service affiliates, Initial Access Brokers, Crypter-as-a-Service providers, Malware-as-a-Service developers &#8211; each of them owning a role in the kill chain and each handoff between them monetized.<\/p>\n<p>It looked like a trend back then. Now it looks like the baseline, the foundation on which everything else is getting built.<\/p>\n<h2>How initial access has shifted<\/h2>\n<p>Initial Access Brokers (IAB) were already monetizing footholds and lowering the technical bar for operators who simply did not want to deal with the hard part of gaining initial access. What has changed is what the foothold often looks like. Across recent incident response investigations, we are increasingly seeing cases where IABs are not just trading stolen passwords. They are selling session tokens and cookie-backed authenticated login states, which means live, ready-to-use access where authentication has already happened.<\/p>\n<p>Infostealers played a big role behind this shift. Deployed at scale across endpoints, they harvest active sessions from browsers, endpoint credential stores, and enterprise SSO environments. The resulting access sells fast because it is immediately actionable. It eliminates noisy behaviour that defenders used to detect, such as failed logins, brute forcing, MFA prompt flooding, and in some cases removes the need for privilege escalation steps, depending on what permissions the harvested session already carries.<\/p>\n<p>This has downstream consequences that defenders are still adjusting to. The dwell time that defenders previously relied upon to detect intrusions before they escalated has shortened. It also changes what response playbook must look like. Password rotation is no longer sufficient when the active threat is a live session that survives credential changes. Defenders need to revoke sessions, invalidate tokens, and treat persistence in identity systems with the same urgency they apply to persistence on endpoints.<\/p>\n<h2>Artificial Intelligence is entering the attack chain<\/h2>\n<p>The window for treating AI in cybercrime as a future concern has closed. CERT-UA\u2019s analysis of <a href=\"https:\/\/cert.gov.ua\/article\/6284730\" target=\"_blank\" rel=\"noopener\">LAMEHUG<\/a>, a python-based malware provides example of LLM integration inside an active attack chain. LAMEHUG calls the API at runtime, querying the model to dynamically generate system commands based on natural language descriptions, then execute those commands directly on compromised host. This is not a proof-of-concept or research finding. The campaign was directed at Ukrainian executive government authorities during an active conflict.<\/p>\n<p>Malware capable of generating malicious code dynamically through API calls, instead of using a fixed payload, has also been detected. Signature-based detection, and even many behaviour-based detections, are built on the assumption that a payload has a consistent, identifiable structure. A payload that rewrites itself breaks that assumption.<\/p>\n<p>In operational contexts, threat actors have been observed using generative AI to produce bespoke command-and-control scripts and custom malware on demand, reducing the time between gaining initial access and achieving their objectives. AI is also being used to automate earlier stages of the attack chain entirely, including reconnaissance, vulnerability scanning across target infrastructure, and deployment staging. These tools are now available commercially on underground forums with subscription pricing models and tiered features.<\/p>\n<p>For defenders, the implication is to defend against faster attacks. When a single operator can automate reconnaissance, generate custom malware, and move through the entire kill chain with fewer external dependencies, there are fewer transaction traces, fewer inter-group communication patterns, and less time between access and impact.<\/p>\n<h2>The boundary between cybercriminal and state-aligned activity is narrowing<\/h2>\n<p>Earlier, state-aligned threat actors using criminal underground infrastructure to purchase access was described as an emerging and somewhat exceptional overlap. State actors hiding within the noise of commodity criminal tooling to maintain plausible deniability was a trend worth monitoring. That framing is no longer accurate for describing current trends.<\/p>\n<p>We now routinely encounter operations where the same IAB infrastructure and relay networks appear in what could be classified as either a criminal extortion operation or a state-aligned espionage campaign. The early stages of the attack chain are often operationally indistinguishable. The same access and infrastructure can serve both criminal and state-aligned objectives, with different end goals emerging from the same initial footprint.<\/p>\n<h2>The shift from encryption to exfiltration as primary leverage<\/h2>\n<p>Ransomware has been the profit engine driving the professionalization of the criminal ecosystem for several years, but the mechanics of leverage have been shifting away from encryption and toward data theft. Organization-wide encryption is a slow, operationally complex process that generates significant noise across a network and regularly triggers alerts during execution. Some operators are skipping it as data theft alone achieves the same leverage faster and with less operational risk.<\/p>\n<p>The logic from an attacker&#8217;s perspective is straightforward. Steal sensitive data, threaten publication, and collect payment. There is no decryption key to manage, no negotiation complexity around proving that the decryptor actually works, and no risk that security software blocks the encryption process. For defenders, data staging, anomalous access to sensitive repositories and files, and exfiltration related traffic are now the indicators that should be triggering the same response priority as a ransomware alert.<\/p>\n<h2>Disrupting the infrastructure of trust<\/h2>\n<p>Two recent law enforcement operations gave us an insightful look at what it actually costs to attack the shared infrastructure layer of the cybercrime ecosystem rather than individual actors. <a href=\"https:\/\/www.europol.europa.eu\/operations-services-and-innovation\/operations\/operation-endgame\" target=\"_blank\" rel=\"noopener\">Operation Endgame<\/a> targeted dropper and loader ecosystems specifically, going after the distribution infrastructure used to deliver malware payloads at scale, infrastructure that was being shared across multiple operators from different threat groups simultaneously. <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/law-enforcement-disrupt-worlds-biggest-ransomware-operation\" target=\"_blank\" rel=\"noopener\">Operation Cronos<\/a> targeted LockBit directly, compromising the platform itself and taking down servers across multiple countries.<\/p>\n<p>Neither operation ended the cybercrime economy, but what they demonstrated is that attacking shared services infrastructure creates multiplier effects, hitting multiple operators at once rather than taking down one group at a time. Moreover, they established that trust itself is a legitimate target. When operators cannot rely on the infrastructure they depend on, the cost-benefit calculation of participation changes.<\/p>\n<h2>Where most organisations are still behind<\/h2>\n<p>Many organizations still think that an intrusion is the work of a single unified group performing an attack;in a pre-defined technique. This produces defensive failures of detecting late, responding under pressure, and discovering during the incident that the attack involved multiple specialized operators each performing their role. If you want to reduce damage, you cannot start when the ransom note appears. You need to act earlier.<\/p>\n<p>At the same time, defenders are also getting better at working together. Public-private partnerships are improving. Government agencies and security vendors are producing more operationally useful guidance. Law enforcement coordinates across countries more than before. The information sharing problem is not fully solved though. Legal constraints, conflicting disclosure policies, incompatible sharing formats, and institutional reluctance all of them slow down the sharing of threat intelligence between organizations. Threat actors do not carry these burdens. Cybercrime-as-a-service moves fast because it is built for profit, not compliance. Defenders are improving but often slower than the threat is growing.<\/p>\n<h2>How defensive priorities need to shift<\/h2>\n<p>Identity infrastructure is not just a supporting concern anymore. The shift toward session and token trading means endpoint security and perimeter controls are not enough if identities are not monitored. The ability to revoke sessions, detect abnormal authentication behaviour, invalidating tokens and killing persistence in identity layers quickly is now as important as the ability to isolate an endpoint.<\/p>\n<p>Detection and response investment for many organizations has been inclined toward preventing malware from executing. Data staging activity, anomalous access patterns against sensitive repositories, and unusual outbound traffic are the signals that should be generating the same response urgency as a malware alert.<\/p>\n<p>Third-party and supplier access needs to be treated in scope for review. Knowing exactly which suppliers hold privileged access to your environment, auditing that access on a regular basis, and being able to revoke it quickly when something looks wrong is no longer optional.<\/p>\n<p>Continuous exposure management, keeping internet-facing asset patched, securing new SaaS adoptions means you are reducing the available entry points before any attacker has a chance to find them. IABs are running their own automated scanning continuously, so an exposed service that appears today can be listed for sale within days. When you can revoke access quickly, block lateral movement, and remove persistence fast, transferring the responsibility to new operators fail. Measure your response speed and treat it as a priority, not just a technical goal.<\/p>\n<h2>How the Cybercrime-as-a-Service is likely to develop<\/h2>\n<p>The service model will keep getting more modular because it&#8217;s easier for new operators to join and the whole system becomes harder to take down. Operators who lack the technical depth or financial resources to build capability in-house will keep subscribing to these services. Through 2025, dozens of new ransomware and extortion groups emerged alongside hundreds of new ransomware variants.<\/p>\n<p>AI is creating a different pathway. For operators with more technical capability or resources, AI tooling is reducing external dependencies. Generating obfuscated malware variants, automating reconnaissance, handling negotiation steps &#8211; these are capabilities that can now be built in-house using commercially available AI tooling without buying them from an underground marketplace. This is not the end of the service model though. What it is creating is different models where lower-capability operators who remain dependent on the marketplace and more sophisticated operators who are moving selected capabilities in-house to reduce their operational exposure. The underground marketplace for AI-enabled offensive tooling is also maturing with tiered pricing and features, leading to in-house capability getting commoditized at the tooling layer differently than traditional underground services.<\/p>\n<p>The cybercrime economy has been refined, accelerated, and partially automated. The service model is still running. It has gotten faster, quieter, and more entangled with operators whose motivations extend well beyond financial gain.<\/p>\n<\/div>\n<section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--disable-container wp-block-two-column-block__share wp-block-two-column-block__mobile-after-right wp-block-two-column-block__share wp-block-two-column-block__mobile-after-right\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    Share this story                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/&#038;title=The%20Changing%20Economics%20of%20Cybercrime-as-a-Service:%20What%20Defenders%20Need%20to%20Know\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link\" title=\"Linkedin\u3067\u5171\u6709\u3059\u308b\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a href=\"http:\/\/x.com\/share?text=The Changing Economics of Cybercrime-as-a-Service: What Defenders Need to Know&#038;url=https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/\" target=\"_blank\" rel=\"noreferer noopener\" class=\"wp-component-socials__link wp-component-socials__link--twitter\" title=\"\u30c4\u30a4\u30c3\u30bf\u30fc\u3067\u5171\u6709\">\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n                <\/div>\n                        <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-cta-banner edwp-block js-wp-block-cta-banner wp-block-cta-banner--style-icon wp-block-cta-banner--no-image layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-cta-banner__container\">\n        <div class=\"wp-block-cta-banner__box row-load\">\n            <div class=\"wp-component-content wp-component-content--help-text wp-component-content--dark wp-block-cta-banner__content\">\n                        <div class=\"wp-component-content__inner\">\n                <h2 class=\"wp-component-heading text--h2 wp-component-heading--dark wp-component-content__title\">\n    What <span class=\"blue-text\">next?<\/span><\/h2>                                    <div class=\"wp-component-content__content wysiwyg wysiwyg--dark\">\n                        <div class=\"wp-component-paragraph wp-component-paragraph--dark\">\n    <p class=\"text--p-medium\">Discover WithSecure\u2122 Elements Exposure Management.<br \/>\n&#8211; No credit card required. No obligations.No complexity.<\/p>\n<\/div>\n                    <\/div>\n                            <\/div>\n                            <div class=\"wp-component-content__buttons\">\n                <a class=\"wp-component-button btn btn--primary btn--dark\" href=\"https:\/\/www.withsecure.com\/en\/contact-us\/\">Contact us<\/a>            <\/div>\n                <\/div>                    <\/div>\n    <\/div>\n<\/section>\n\n\n\n\n<section\n    class=\"wp-block-cards edwp-block wp-block-cards--col-3 js-wp-block-cards wp-block-cards--show-overflow wp-block-cards--auto-slides-per-view layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-cards__container\">\n        <div class=\"wp-component-content wp-component-content--default wp-block-cards__content\">\n            <h2 class=\"wp-component-heading text--h2 wp-component-content__title\">\n    Related <span class=\"blue-text\">Labs content<\/span><\/h2>                    <div class=\"wp-component-content__inner\">\n                                    <div class=\"wp-component-content__content wysiwyg\">\n                        <div class=\"wp-component-paragraph \">\n    <p class=\"text--p-medium\"><span data-teams=\"true\">Find related content relating to this topic.<\/span><\/p>\n<\/div>\n                    <\/div>\n                                                            <\/div>\n                <\/div>                            <div\n                class=\"swiper wp-block-cards__swiper js-wp-block-cards-swiper\"\n                data-slides-per-view-desktop=\"auto\"\n                data-slides-per-view-tablet=\"auto\"\n                data-slides-per-view-mobile=\"auto\"\n            >\n                <div class=\"swiper-wrapper wp-block-cards__swiper-wrapper row-load\">\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card wp-component-card-insight--highlighted\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/\u30e9\u30dc<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Threat intelligence<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">DarkGate Rises: New version of DarkGate malware hunts like a Duck but bites like a RAT<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Source: https:\/\/labs.withsecure.com\/publications\/darkgate-rises<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary btn--dark wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/darkgate-rises\/\">\u3082\u3063\u3068\u8aad\u3080<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/\u30e9\u30dc<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Threat intelligence<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">Reverse engineering a Lumma infection<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Lumma is an information stealer that the WithSecure Detection and Response Team (DRT) have encountered several times. It has seen wider use over the past couple of years, and makes for an interesting threat to monitor.<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/reverse-engineering-a-lumma-infection\/\">\u3082\u3063\u3068\u8aad\u3080<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/\u30e9\u30dc<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">AI security<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">Machine learning-driven malware analysis<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">With the rapid emergence of new malware variants, accurately classifying and attributing malware samples has become more challenging than ever<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/machine-learning-driven-malware-analysis\/\">\u3082\u3063\u3068\u8aad\u3080<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                    <\/div>\n                <div class=\"wp-block-cards__nav fade-in\">\n                    <div class=\"wp-block-cards__pagination js-wp-block-cards-pagination\">\n                    <\/div>\n                    <div class=\"wp-block-cards__nav-arrow js-wp-block-cards-nav-prev\">\n                        <svg class='edwp-icon edwp-icon--reg js-icon ' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                    <\/div>\n                    <div class=\"wp-block-cards__nav-arrow js-wp-block-cards-nav-next\">\n                        <svg class='edwp-icon edwp-icon--reg js-icon ' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                    <\/div>\n                <\/div>\n            <\/div>\n                                    <\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Back in 2023, when we last wrote about Cybercrime-as-a-Service, we described cybercrime as an economy that had figured out how to scale<\/p>\n","protected":false},"author":3,"featured_media":0,"template":"","categories":[345,216],"labs_content_type":[317,333],"class_list":["post-10340","lab_item","type-lab_item","status-publish","hentry","category-network-security","category-ransomware"],"acf":[],"card":"<div class=\"wp-component-card-insight js-card-link wp-component-card-insight--highlighted\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg\" class=\"wp-component-card-insight__image\" alt=\"\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg 618w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-300x214.jpg 300w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-447x318.jpg 447w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-205x146.jpg 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/\u30e9\u30dc<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Network Security<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Ransomware<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">The Changing Economics of Cybercrime-as-a-Service: What Defenders Need to Know<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Back in 2023, when we last wrote about Cybercrime-as-a-Service, we described cybercrime as an economy that had figured out how to scale<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary btn--dark wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/changing-economics-of-cybercrime-as-a-service\/\">\u3082\u3063\u3068\u8aad\u3080<\/a>            <\/div>\n            <\/div>\n<\/div>","_links":{"self":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/lab_item\/10340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/lab_item"}],"about":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/types\/lab_item"}],"author":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/users\/3"}],"wp:attachment":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/media?parent=10340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/categories?post=10340"},{"taxonomy":"labs_content_type","embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/labs_content_type?post=10340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}