How Crime-As-A-Service Has Turned Hacking Into A Subscription Business

A.R. Perez, Netlok, June 17, 2025

The pace of technological change is accelerating crime. For example, cybercrime has undergone a fundamental transformation over the past two decades, evolving from isolated hackers operating in basements to sophisticated criminal enterprises that mirror legitimate business models 1, 2. What was once the domain of technically skilled individuals driven by prestige and ideology has become a $1.5 trillion in cybercriminal revenue/earnings that operates with the professionalism and structure of Fortune 500 companies 3, 2. In this article, we will examine how cybercrime has evolved into a modern business model that is profitable and built to attack you, your family, and business.

The Evolution from Individual Hackers to Criminal Enterprises

Early Days: Prestige Over Profit

The first phase of cybercrime, roughly spanning from 1990 to 2006, was characterized by hackers motivated primarily by personal prestige and technical challenge rather than financial gain 4. These early cybercriminals operated as lone wolves, requiring extensive technical knowledge and specialized skills to execute attacks 4. The underground economy was fragmented, with limited collaboration between different criminal actors5.

The Dotcom Realization

The dotcom boom fundamentally shifted the cybercrime paradigm by demonstrating the immense financial potential of internet-based activities 4. Criminals began to recognize that the same digital infrastructure powering legitimate e-commerce could be exploited for illicit profit 4. This realization marked the beginning of cybercrime’s transformation into a business-driven enterprise 4.

The Birth of Crime-As-A-Service

Defining the CaaS Model

Crime-as-a-Service (CaaS) represents a business model where cybercriminals provide various hacking and cybercrime services to other individuals or groups, typically for financial gain 6. This model essentially commodifies and commercializes cybercriminal activities, allowing even those with little technical expertise to engage in sophisticated cyberattacks 6. The CaaS framework mirrors legitimate Software-as-a-Service (SaaS) business models, transforming hacking into a subscription service available to individuals, groups, and even nation-states 1.

The Democratization of Cybercrime

The emergence of CaaS has fundamentally democratized cybercrime by lowering the barriers to entry 7, 5. Previously, successful cyberattacks required exceptional technical abilities that were limited to a small group of highly skilled individuals 5. Today, budding cybercriminals need only a rudimentary understanding of cybersecurity, internet access, and a few dollars in cryptocurrency to initiate sophisticated attacks 6, 7.

This democratization is exemplified by cases like the infamous Lapsus$ hacking group, where several members were renegade teenagers who managed to breach tech giants like Microsoft and Nvidia, with the group’s former leader being a 16-year-old living at his mother’s home in the English countryside1.

Business Models and Revenue Structures

Subscription-Based Pricing Models

The CaaS ecosystem employs various pricing models that mirror legitimate business practices 8, 9. The most common revenue structures include:

Monthly Subscriptions: Many cybercrime services operate on recurring monthly fees, similar to legitimate SaaS platforms 8. These subscriptions often range from tens to thousands of dollars, depending on the sophistication of the service 10.

Commission-Based Models: In ransomware-as-a-service operations, developers typically receive a 20-30% cut while affiliates retain 70-80% of ransom payments 9. This revenue-sharing model incentivizes both development and deployment of criminal tools 9.

One-Time Purchases: Some services offer single-payment options for specific tools or access credentials 8. For example, corporate login credentials can sell for several thousand dollars 11.

Hybrid Models: Many providers combine subscription fees with performance-based commissions, maximizing revenue from multiple streams 8, 9.

Market Maturation and Pricing Evolution

The cybercrime marketplace has demonstrated remarkable price evolution as competition has intensified 4. The Zeus malware, which originally cost $8,000, saw its price drop to around $500 due to competition from SpyEye 4. By 2011, when the Zeus source code was leaked, it effectively became free, demonstrating how market forces operate even in illegal sectors 4.

The Scale of the Criminal Economy

Revenue and Economic Impact

The cybercrime economy has reached staggering proportions, with research estimating total annual revenues at $1.5 trillion 3. This massive figure breaks down across various criminal activities:

• $860 billion from illicit markets
• $500 billion from trade secret theft
• $160 billion from data trading
• $1.6 billion from crimeware services
• $1 billion from ransomware operations 3

Cybersecurity Ventures projects that the total economic damage to victims will reach $10.5 trillion annually by 2025, representing a 15% annual growth rate 12. If cybercrime were measured as a country, it would rank as the world’s third-largest economy, behind only the United States and China 13, 12.

Service Diversification

The CaaS ecosystem now encompasses nearly every aspect of cybercrime 14, 15. Beyond traditional malware and phishing kits, the marketplace now offers:

Advanced Specialized Services:

• OPSEC-as-a-Service to help attackers hide infections
• Scanning-as-a-Service providing access to legitimate commercial tools like Metasploit
• DDoS-as-a-Service for distributed denial of service attacks
• Botnet-for-hire services 6, 14

Professional Support Services:

• Technical support and customer service
• Step-by-step instructions and training materials
• 24/7 helpdesk operations
• Private forums for information exchange 8, 16

Organizational Structure and Professionalization

Corporate-Style Operations

Modern cybercrime organizations have adopted sophisticated business structures that mirror legitimate enterprises 14, 15. These criminal enterprises now feature:

Hierarchical Management: Clear organizational charts with specialized roles including developers, distributors, and end-users 17. Developers create malicious software, distributors act as intermediaries assembling attack teams, and end-users execute attacks with minimal knowledge of the larger operation 17.

Human Resources Functions: Cybercrime marketplaces now feature dedicated help-wanted pages and recruiting staff 14, 15. Criminal job seekers post summaries of their skills and qualifications, while employers advertise positions with competitive salaries, performance bonuses, and even paid time off 10.

Research and Development: Criminal organizations invest heavily in innovation, constantly developing new attack methods and improving existing tools to evade detection 5, 11.

Professional Customer Experience

The professionalization of cybercrime extends to customer service and user experience 11. Criminal service providers now offer:

• Demo sites showcasing their malware capabilities
• Comprehensive user guides and documentation
• Online training and technical support
• Regular software updates and patches
• Money-back guarantees and service level agreements 16, 11

Ransomware-as-a-Service: The Premium Model

The RaaS Business Model

Ransomware-as-a-Service (RaaS) represents perhaps the most sophisticated evolution of the CaaS model 8. RaaS providers lease out compiled ransomware, source code, and complete infrastructure packages to affiliates 8. These services include:

• Customization tools for targeting specific operating systems
• Infrastructure for managing ransomware campaigns
• Control panels for monitoring attacks
• Technical support and negotiation assistance 8

Major RaaS Operations

Prominent RaaS groups like Conti, REvil (Sodinokibi), DarkSide, and LockBit have established themselves as major players in the criminal marketplace 8. LockBit 3.0, for instance, operates as a full-service RaaS platform where affiliates share a percentage of profits with operators as commission 18.

These organizations have demonstrated remarkable resilience and adaptability 18. When law enforcement disrupts one operation, others quickly emerge to fill the market gap, suggesting a mature and self-sustaining ecosystem 11.

Market Infrastructure and Payment Systems

Dark Web Marketplaces

The CaaS economy operates primarily through dark web marketplaces that provide anonymity and security for both buyers and sellers 19. These platforms have evolved sophisticated features including:

Payment Systems: Bitcoin and Monero are the primary cryptocurrencies used, with many marketplaces implementing mixing services for additional anonymity 19.

Escrow Services: Sophisticated escrow mechanisms protect both buyers and sellers, with funds held until services are delivered satisfactorily 19.

Multi-signature Security: Advanced marketplaces use multi-signature wallets requiring authorization from two of three parties (buyer, seller, marketplace) to complete transactions 19.

Auto-finalize Features: Automatic fund release mechanisms ensure vendors receive payment even if buyers don’t confirm receipt 19.

Trust and Reputation Systems

Criminal marketplaces have developed comprehensive trust and reputation systems that parallel legitimate e-commerce platforms 10. Vendors with proven track records of delivering working malware and maintaining operational security can command premium prices 10. Some ransomware groups have built such strong reputations for reliability that they leverage their “brand recognition” to charge higher fees 10.

The Future of Criminal Innovation

Continuous Evolution

The CaaS ecosystem continues to evolve rapidly, driven by the same market forces that shape legitimate business 11. As cybersecurity defenses improve, criminal services adapt by offering more sophisticated tools and techniques 14, 15. The commoditization of nearly every component of cybercrime has created opportunities for attackers of any skill level to participate in this underground economy 14, 15.

Economic Incentives

The massive financial incentives driving the CaaS ecosystem show no signs of diminishing3. With annual revenues exceeding $1.5 trillion and growth rates of 15% per year, the criminal economy has established itself as a self-sustaining and continuously expanding sector 1, 23.

Conclusion

The transformation of cybercrime from individual hacking activities to a subscription-based service economy represents one of the most significant developments in modern criminal enterprise 17. By adopting legitimate business models, implementing professional operational structures, and creating user-friendly service offerings, cybercriminals have successfully democratized access to sophisticated attack capabilities 6, 14.

This evolution has fundamentally altered the threat landscape, making advanced cyberattacks accessible to anyone with modest financial resources and basic internet access 7 16. The CaaS model’s success demonstrates how criminal organizations can adapt and thrive by mimicking the very business innovations they seek to exploit 4, 11.

As the cybercrime economy continues to mature and expand, reaching projected revenues of $10.5 trillion by 2025, it presents an unprecedented challenge to cybersecurity professionals and law enforcement agencies worldwide 12. The subscription-based nature of modern cybercrime has created a resilient, scalable, and increasingly sophisticated threat that mirrors the digital transformation occurring in legitimate business sectors 1, 15.

1. https://register.bank/insights/cybercrime-as-a-service-overview/
2. https://arcticwolf.com/resources/blog/decade-of-cybercrime/
3. https://www.linkedin.com/pulse/dark-web-economics-understanding-business-models-cybercrime-baek-wtpoc
4. https://www.securityweek.com/understanding-evolution-cybercrime-predict-its-future/
5. https://www.europol.europa.eu/iocta/2014/chap-3-1-view1.html
6. https://cpl.thalesgroup.com/blog/encryption/cybercrime-as-a-service-caas-explaned
7. https://fieldeffect.com/blog/cybercrime-as-a-service
8. https://encyclopedia.kaspersky.com/glossary/ransomware-as-a-service-raas/
9. https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-gangs-partner-with-hackers-to-extort-victims/
10. https://www.linkedin.com/pulse/inside-ransomware-economy-dark-web-markets-pricing-tactics-baek-qxunc
11. https://knowledge.insead.edu/operations/professionalisation-cyber-criminals
12. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
13. https://www.criticalstart.com/cybercrime-the-worlds-3rd-largest-economy/
14. https://digitalisationworld.com/news/64595/cybercrime-reaches-new-levels-of-commercialisation
15. https://www.msp-channel.com/news/64595/cybercrime-reaches-new-levels-of-commercialisation
16. https://www.kiwitech.com/blog/malware-as-a-service-how-cybercrime-has-become-a-business-model/
17. https://cointelegraph.com/explained/crimeware-as-a-service-a-new-threat-to-crypto-users
18. https://www.cyber.gov.au/sites/default/files/2023-06/acsc-ransomware-profile-lockbit-3.0-june-2023.pdf
19. https://docs.apwg.org/ecrimeresearch/2021/ecrime2021-paper55.pdf
20. https://www.techtarget.com/whatis/feature/Cybercrime-as-a-service-explained-What-you-need-to-know
21. https://sac.media/2024/10/03/opinion-the-subscription-business-model-needs-to-stop/
22. https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy
23. https://www.businessofgovernment.org/sites/default/files/Viewpoint%20Strickland%20et%20al.pdf