Feature Some of the world's most notorious ransomware and malware-as-a-service (RaaS/MaaS) operators have closed shop in the past 12 months thanks to international law enforcement efforts, but only because household names like Conti, LockBit and ALPHV /BlackCat are on the ropes, that doesn't mean we're free from the threat of malware.

That's not to say that disrupting key RaaS and MaaS operators isn't an integral part of global efforts to stem the tide of such criminal behavior—it's just that the big gangs are only a small part of the overall cybercrime economy.

While there may be a gang running a criminal infrastructure and providing the code, each of these also comes with countless affiliates who treat their illegal kit like any other piece of enterprise or SMB software. A recent Europol report suggests that these affiliates are increasingly turning to smaller operators, or going it alone, to avoid digital dragnets.

So, how do the good guys get the upper hand? It's about understanding how the shadow economy that has grown up around commodity malware works and destroying its weakest and most essential link: Trust between malware operators and affiliates.