HP Wolf Security report reveals ironic 'honesty among thieves' as cybercriminals rely on dispute resolution services to ensure 'fair' transactions
HP Inc. released the HP Wolf Security report “The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back”. The findings show that cybercrime is supercharged through plug and play malware that makes it easier than ever to secure attacks. Cyber syndicates work with amateur attackers to target businesses, putting our online world at risk.
HP's Wolf Security team partnered with Forensic Pathways, a leading group of global forensics professionals, on a three-month investigation into the dark web, researching and analyzing more than 35 million cybercriminal purchases and forum posts to understand how they operate, how they gain trust and how they build reputation.
Key findings include:
• Malware is cheap and readily available – Over three-quarters (76%) of reported malware ads and 91% of exploits (ie code that gives attackers control of systems by exploiting software bugs), are sold with retail price less than €10. The average cost of compromised Remote Desktop Protocol credentials is just €5. Vendors sell products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials and mentoring services that reduce the need for technical skills and experience to conduct complex, targeted attacks – in fact, just 2-3% of threats today are advanced coders.
• The irony of “honesty among cyberthieves” – Like the legitimate world of online retail, trust and reputation are key parts of the cybercrime trade: 77% of cybercrime markets analyzed require a seller bond – a license to sell – something which can cost up to $3.000. 85% of them use cash guarantees and 92% have a third-party dispute resolution service. Each marketplace provides vendor feedback ratings. Cybercriminals also try to stay one step ahead of the law by transferring reputation between sites – as the average lifetime of a Tor dark net site is only 55 days.
• Popular software gives cybercriminals easier access – Cybercriminals focus on finding loopholes in software that will allow them to gain access to take control of systems by targeting known bugs and vulnerabilities in popular software. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers. Kits that exploit vulnerabilities in specialized systems command the highest prices (typically ranging from $1.000 – $4.000). Zero Days (vulnerabilities not yet publicly known) sell for $10.000 on dark web markets.
“Unfortunately, it has never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resources. Now technology and education are available for the price of a pack of cigarettes. And whether it's exposing your company's customer data, delaying deliveries or canceling hospital appointments, the explosion in cybercrime affects us all," said report author Alex Holland, Senior Malware Analyst at HP Inc.
HP consulted a panel of experts from cyber security and academia – including former hacker Michael 'Mafia Boy' Calce and criminology author Dr. Mike McGuire – to understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow.
They warned that businesses should prepare for devastating data denial/hostage attacks, increasingly targeted cyber campaigns and cybercriminals using emerging technologies such as artificial intelligence to challenge the integrity of organizations' data.
To protect against current and future threats, the report provides the following advice for businesses:
Implement the basics to reduce cybercriminals' chances: Follow best practices such as multi-factor authentication and patch management, reduce your exposure to top attack vectors such as email, web browsing and file downloads, and prioritize in self-healing hardware to enhance resilience.
Focus on achieving the goal: Plan for the worst, limit the risk to your people and partners by implementing processes to audit supplier security and train the workforce in social engineering, be process-oriented and do attack response exercises so you can identify problems, make improvements and be better prepared.
Cybercrime is a team sport. Cybersecurity too: Talk to your partners to share threat intelligence and real-time intelligence, use threat intelligence and be proactive by monitoring open forum discussions, and work with third-party security services to discover vulnerabilities and critical risks that need addressing.
"We all need to do more to combat the growing cybercrime machine," says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc. Most attacks start with a click of the mouse, so it's always important to think before you click, and giving yourself a safety net by purchasing technology that can mitigate and recover from the impact of bad clicks is even better.”
"For businesses, it's important to build resilience and close as many attack paths as possible," Pratt continues. “For example, cybercriminals study patches and reverse-engineer logic to reverse the vulnerability and exploit the security hole before it closes. So speeding up patch management is important. Many of the most common categories of threats, such as those delivered via email and the web, can be completely neutralized through techniques such as threat containment and isolation, significantly reducing the size of an attack on an organization, regardless of whether vulnerabilities have corrected or not".