This study systematically investigates the current state, evolutionary trends, and potential implications of Crime-as-a-Service (CaaS) for cybersecurity and real-world criminal activity. Employing a scoping review methodology, it integrates 195 academic and grey literature sources for the first time and applies qualitative content analysis to delineate CaaS service typologies and prevailing research paradigms. The findings reveal that the commercialization of CaaS substantially lowers barriers to entry for cybercrime, increases attack sophistication, and enhances the resilience of criminal ecosystems. These dynamics render CaaS particularly susceptible to exploitation by organized crime groups and extremist actors, thereby accelerating the convergence of online and offline criminal activities and posing significant challenges for law enforcement. This work provides a systematic evidence base and theoretical framework for understanding emerging cybercrime models.

Cloud computing has drastically altered the ways in which it is possible to deliver information technologies in a service-led structure, however, this has also been reflected in the cybercrime domain. Cybercrime as a Service is an economic model where a technically skilled actor offers a given cyberattack as an end-to-end service to non-technical actors who pay a subscription fee for said service. The services, which can vary in scope, targets, and delivery modes, include everything from the vulnerability discoveries, delivery of the attack, and the attack itself to financial rewards to the subscriber. In this scoping literature review, we analysed 195 articles from both academic and grey literature with a view of investigating the services articles studied, the methodological approach the how the CaaS model is predicted to develop in the future. Our review indicates that with further commercialisation of the model will further lower the barrier of entry to the cybercrime realm, increase sophistication of the attacks and increase resilience of the service providers and their ecosystem which will result in harder shutdowns of services by the authorities. Furthermore, as the model becomes more accessible, groups such as organised crime groups, extremist actors may use them as well, which may have implications for criminal activity in both cyber and physical domains.