---
title: "What is Cybercrime-as-a-Service or CaaS? | DuoCircle"
description: "What is Cybercrime-as-a-Service or CaaS?"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/"
---

Quick Answer

Cybercrime-as-a-Service (CaaS) is a subscription or pay-per-use model where threat actors sell hacking tools, malware, phishing kits, ransomware, DDoS booters, and stolen credentials to other criminals. It mirrors legitimate SaaS: dashboards, login portals, support, even tiered pricing. Examples: DDoS booters rent for around $60 per day or $400 per week; full ransomware kits run as high as $84,000\. Microsoft tracked a 38% rise in BEC tied to CaaS between 2019 and 2022 and took down 417,678 unique phishing URLs from May 2022 to April 2023\. The effect: people with no technical skill can launch attacks that previously required expert teams, which is why CaaS-driven volume keeps rising.

What is Cybercrime-as-a-Service or CaaS?

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2024/03/What-is-Cybercrime-as-a-Service-or-CaaS.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdata-privacy%2Fwhat-is-cybercrime-as-a-service-or-caas%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20is%20Cybercrime-as-a-Service%20or%20CaaS%3F&url=undefined%2Fblog%2Fdata-privacy%2Fwhat-is-cybercrime-as-a-service-or-caas%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdata-privacy%2Fwhat-is-cybercrime-as-a-service-or-caas%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdata-privacy%2Fwhat-is-cybercrime-as-a-service-or-caas%2F&title=What%20is%20Cybercrime-as-a-Service%20or%20CaaS%3F "Share on Reddit") [ ](mailto:?subject=What%20is%20Cybercrime-as-a-Service%20or%20CaaS%3F&body=Check out this article: undefined%2Fblog%2Fdata-privacy%2Fwhat-is-cybercrime-as-a-service-or-caas%2F "Share via Email") 

![CAAS](https://media.mailhop.org/duocircle/images/2024/03/windows-smtp-service.jpg) 

Don’t we all love it when tasks become easier for us? And by saying ‘all’ we unfortunately have to include cybercriminals as well. What we are talking about today is [cybercrime-as-a-service or CaaS](https://www.expresscomputer.in/news/fortiguard-labs-predicts-generative-ai-and-caas-operations-will-provide-easy-buttons-to-carry-out-cyberattacks/106275/), a model that has **democratized cybercrime** by allowing even budding malicious actors to wreak havoc with just a rudimentary understanding of cyber menaces, access to the internet, and some money. 

The [Microsoft Threat Intelligence-Cyber Signals Report 2023](https://news.microsoft.com/apac/2023/05/22/microsoft-cyber-signals-report-highlights-spike-in-cybercriminal-activity-around-business-email-compromise/) proved that the rising number of business email compromise or [BEC attacks](/email-hosting/how-organizations-can-defend-themselves-against-bec-scams-during-the-holiday-season/) are driven by CaaS by stating a 38% increase in these services between 2019 and 2022\. _Microsoft also took down **417,678 unique phishing URLs** between May 2022 to April 2023._ 

CaaS isn’t a very hot topic in the [cybersecurity](/) industry, and hence, we are sharing more about it. 

## Cybercrime-as-a-Service- Definition and Operating Style

_CaaS is a model where threat actors offer hacking and malicious services to individuals or groups in exchange for payment._ This concept borrows from the “**as a service**” model commonly seen in the legitimate IT industry, where services are offered on a subscription or [pay-as-you-go basis](https://www.chargebee.com/resources/glossaries/pay-as-you-go-pricing/), for example, software-as-a-service or SaaS.

In the context of cybersecurity, CaaS empowers **newbie bad actors** with limited technical skills or resources to get access to high-end hacking tools, [malware](/data-privacy/new-zero-click-hack-with-stealthy-root-privilege-malware-targets-ios-users/), [rootkits](https://en.wikipedia.org/wiki/Rootkit), etc., without having to develop any special skills or undergo any sort of training. 

The irony is that cybercriminals run even these illegitimate services in an organized and **legitimate-looking manner**. They offer a subscription model, where only the paid ‘services’ or ‘products’ are accessible through legit login credentials. 

The prices vary depending on the sophistication of the tool and how badly it can affect the target- so a [DDoS booter](https://www.bleepingcomputer.com/news/security/police-cracks-down-on-ddos-for-hire-service-active-since-2013/) can be rented for as little as $60 per day or around $400 per week. Although there are **ransomware kits** that can cost you as much as $84,000\. 

All **this is disturbing** to find out as now it means that virtually anyone with just a few dollars and base-level knowledge of running technical devices can play with your privacy. 

In fact, Assistant Director-General of the Australian Signals Directorate (ASD) Rita Erfurt has also raised her concerns and stated that the [country is observing](https://www.governmentnews.com.au/cyber-crime-as-a-service-adopts-modern-business-models/) many cases of **double extortions**, where victims’ networks are encrypted through ransomware, and their data is stolen to be used as an extra way to get money.

She also added how [CaaS-driven malicious actors](https://securityboulevard.com/2024/01/cybercrime-marketplaces-soar-in-2024-all-threats-now-available-as-a-service/) will let you know of their presence loud and proud as they are **financially motivated** and after a cashout.

[![Cyber Crime Statistics 2024](https://media.mailhop.org/duocircle/images/2024/03/cross-tenant-migration-office-365-2.jpg)](https://media.mailhop.org/duocircle/images/2024/03/cross-tenant-migration-office-365-2.jpg)

## Microsoft is on the Hunt

In 2023, [Microsoft obtained legal permissions](https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/) from the court from the Southern District of New York to dismantle **1152’s network**, a group that runs an extensive cybercrime-as-a-service network. Microsoft got permission to seize its US-based infrastructure, which involved shutting down its key websites, 750 million **fake Microsoft accounts**, illicit social media pages, YouTube tutorials teaching how to bypass security measures, etc. 

By far, Microsoft has identified three **Vietnam-based people** behind these operations: Duong Dinh Tu, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Tai Van Nguyen.

This group is especially a threat as it offers its unauthorized and [malicious services](https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html) openly rather than on the dark web. 

## Primary Activities in CaaS

This is how activities unfold in standard [CaaS-used cyberattacks](https://thehackernews.com/2022/02/trickbot-gang-likely-shifting.html)\-

### Vulnerability-Discovery-as-a-Service

The first thing a [threat actor](https://edition.cnn.com/2024/01/24/tech/hewlett-packard-enterprise-hack-russia-cozy-bear/index.html) does is spot a vulnerability so that they can plan to exploit it. **Vulnerability-discovery-as-a-service or VDaaS** is the subcategory of CaaS, where dealers on the dark web announce the services of cyberattack professionals or automated tools to find and evaluate [security loopholes in targets’ devices](https://vates.com/seven-it-system-loopholes-that-must-be-addressed-timely/), networks, or applications. 

### Exploitation-Development-as-a-Service

Up next comes the exploitation-as-a-service or EDaaS, where threat actors sell services that play with the [vulnerabilities](/email-security/two-zero-day-vulnerabilities-discovered-in-microsoft-exchange-server-patches-pending/) found in the above step. To drive such services, threat actors create or **customize codes** that are capable of taking down systems by manipulating security weaknesses.

They may also think of setting up [operational weaknesses](https://apc1040.com/operational-weaknesses/) like [fake wifi networks](https://cybernews.com/security/wifi-vulnerabilities-allow-attackers-overtake-networks/) or spyware to play with the **human link** before launching payload computers, networks, or applications.

## Secondary Activities in CaaS

An ecosystem keeps all its elements intact and in sync with each other, ensuring a long-living cycle. Similarly, there is a CaaS ecosystem that revolves around building and expanding a marketplace, community, and an **extensive playground** so that threat actors get more area to work upon. This drill involves the [hacker community](https://www.bugcrowd.com/glossary/hacker-community/#:~:text=A%20hacker%20community%20is%20a,measures%20to%20achieve%20targeted%20outcomes.), marketing and delivery actions, and operations and lifecycle management. 

_Their overall agenda is to **decrease entry barriers** from fellow hackers and trade gains for money or assistance in cybercrimes._

## Defense is Challenging Yet Necessary

It’s challenging to [shield your businesses](/phishing-protection/how-to-be-cyber-smart-the-best-cybersecurity-tips-to-empower-your-team-this-cybersecurity-awareness-month/) and their reputation against CaaS-using cybercriminals due to the easy accessibility and availability of sophisticated tools and services for newbie [malicious actors](https://www.bbc.com/news/technology-67583486). However, it’s also absolutely necessary to put **preventive measures** in place because these services trigger and facilitate widespread threats.

[![email authentication](https://media.mailhop.org/duocircle/images/2024/03/SPF-record-checker-6812.jpg)](https://media.mailhop.org/duocircle/images/2024/03/SPF-record-checker-6812.jpg)

Thus, we strongly encourage using [email authentication](/resources/email-authentication) protocols like [SPF](/content/spf-record-check), [DKIM](/resources/what-is-dkim), [DMARC](/email/dmarc), and [BIMI](/resources/what-is-bimi), strong and unique passwords, [backup email](/content/backup-email) tools, **firewalls**, [intrusion detection systems](/msp-email-security/cybersecurity-best-practices-every-msp-must-adopt/), etc. We are available to help you stay safe from phishing-based cyber menaces- get in touch to know how.

## Topics

SecurityTrends 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Privacy 6m  AI Models Are Stealing Your Passwords By Listening To Your Keyboard  Oct 20, 2023 ](/blog/data-privacy/ai-models-are-stealing-your-passwords-by-listening-to-your-keyboard/)[  Privacy 3m  Check Point Research Q1 2024 Results- Microsoft, Google, and Linkedin Topped the List; Airbnb is a New Entry  Apr 18, 2024 ](/blog/data-privacy/check-point-research-q1-2024-microsoft-google-linkedin-lead-airbnb-joins/)[  Privacy 6m  Cyber Security vs Ethical Hacking: What’s the Difference?  Apr 10, 2024 ](/blog/data-privacy/cyber-security-vs-ethical-hacking-whats-the-difference/)[  Privacy 3m  Cybercrime Surge: The Automotive Sector Under Siege!  May 23, 2024 ](/blog/data-privacy/cybercrime-surge-the-automotive-sector-under-siege/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"What is Cybercrime-as-a-Service or CaaS?","description":"What is Cybercrime-as-a-Service or CaaS?","url":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/","datePublished":"2024-03-06T13:13:37.000Z","dateModified":"2025-08-28T11:23:42.000Z","dateCreated":"2024-03-06T13:13:37.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/"},"articleSection":"data-privacy","keywords":"Security, Trends","wordCount":860,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/03/windows-smtp-service.jpg","caption":"CAAS","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Privacy"},{"@type":"ListItem","position":3,"name":"What is Cybercrime-as-a-Service or CaaS?","item":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Privacy","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"What is Cybercrime-as-a-Service or CaaS?","item":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"What is Cybercrime-as-a-Service or CaaS?","description":"What is Cybercrime-as-a-Service or CaaS?","url":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/","datePublished":"2024-03-06T13:13:37.000Z","dateModified":"2025-08-28T11:23:42.000Z","dateCreated":"2024-03-06T13:13:37.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/data-privacy/what-is-cybercrime-as-a-service-or-caas/"},"articleSection":"data-privacy","keywords":"Security, Trends","wordCount":860,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/03/windows-smtp-service.jpg","caption":"CAAS","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```