A new HP Wolf Security report says cybercrime is being supercharged by “plug and play” malware kits that make it easier than ever to launch attacks. Cybercriminals are focusing on known bugs and vulnerabilities in popular software.

[Image: Malware mentoring system for sale online]

“Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk,” according to HP's Wolf Security Report ‘The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back.’

The Wolf Security threat team worked with Forensic Pathways, a group of global forensic professionals, on a three-month dark web investigation, analysing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate.

Key findings:

Malware is cheap and readily available – Over three quarters (76%) of malware advertisements listed, and 91% of exploits (i.e., code that gives attackers control over systems by taking advantage of software bugs), retail for under $10 USD. The average cost of compromised Remote Desktop Protocol credentials is just $5 USD. Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks – in fact, just 2-3% of threat actors today are advanced coders.

The irony of ‘honour amongst cyber-thieves’ – Much like the legitimate online retail world, trust and reputation are ironically essential parts of cybercriminal commerce: 77% of cybercriminal marketplaces analysed require a vendor bond – a license to sell – which can cost up to $3,000. 85% of these use escrow payments, and 92% have a third-party dispute resolution service. Every marketplace provides vendor feedback scores. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputation between websites – as the average lifespan of a dark net Tor website is only 55 days.

Popular software is giving cybercriminals a foot in the door – Cybercriminals are focusing on finding gaps in software that will allow them to get a foothold and take control of systems by targeting known bugs and vulnerabilities in popular software. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers. Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000 USD). Zero Days (vulnerabilities that are not yet publicly known) are retailing at tens of thousands of dollars on dark web markets.

“Unfortunately, it’s never been easier to be a cybercriminal,” said report author Alex Holland, senior malware analyst at HP Inc. “Complex attacks previously required serious skills, knowledge and resource. Now the technology and training is available for the price of a gallon of gas. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cybercrime affects us all.

“At the heart of this is ransomware, which has created a new cybercriminal ecosystem rewarding smaller players with a slice of the profits. This is creating a cybercrime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs.”

The report offers the following advice for businesses:

Master the basics to reduce cybercriminals’ chances: Follow best practices, such as multi-factor authentication and patch management; reduce your attack surface from top attack vectors like email, web browsing and file downloads; and prioritize self-healing hardware to boost resilience.

Limit risk posed by your people and partners by putting processes in place to vet supplier security and educate workforces on social engineering; and be process-oriented and rehearse responses to attacks so you can identify problems, make improvements and be better prepared.

Cybercrime is a team sport. Cybersecurity must be too: talk to your peers to share threat information and intelligence in real-time; use threat intelligence and be proactive in horizon scanning by monitoring open discussions on underground forums; and work with third-party security services to uncover weak spots and critical risks that need addressing.

“We all need to do more to fight the growing cybercrime machine,” says Dr. Ian Pratt, global head of security for personal systems at HP Inc. “For individuals, this means becoming cyber aware. Most attacks start with a click of a mouse, so thinking before you click is always important. But giving yourself a safety net by buying technology that can mitigate and recover from the impact of bad clicks is even better.”

Read the full report here: https://threatresearch.ext.hp.com/evolution-of-cybercrime-report/

 
