HP Wolf SecurityHP’s only cybersecurity company, released the report today “The Evolution of Cybercrime“. A report that focuses on the threat posed by the Dark Webdove hacker even without experience they can purchase personal credentials e malware for a few dollars. Ready-to-use solutions to become cybercriminals, paying less than ten dollars.
On the dark web, credentials and malware are for sale for a few dollars
The full report is called: “The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report”. And the title reads precisely the fundamental point that emerged from the investigation, conducted by analyzing over 35 million cybercriminal marketplaces. Accessing the dark web is simple and inexpensive: threats multiply precisely because it takes very little to become cybercriminals.
According to the HP Wolf investigation, in fact, the 76% of malware for sale in the darkest areas of the web and 91% of exploits costs less than 10 US dollars. Whether it’s with malware created by some hacker or by exploiting an unresolved software vulnerability, it doesn’t take much to attack others online. And access is also not a problem: on average the Compromised remote access credentials cost about $ 5.
So much so that in the dark web markets hackers sell these products from criminals in bundles. Whole malware kits that you just have to download and send by email or other means. And if you are unable to use these resources, you can take advantage of “malware-as-a-service“Or real courses and services of mentoring for budding young cybercriminals. And you can also request precise attacks on a target you want to rob or harass.
The drama of these data is that it makes cybercrime accessible to all, without the need for preparation and therefore expanding the number of attackers. It is estimated that only 2-3% of cybercriminals have advanced coding skills.
Honor among thieves in the online black market
The HP Wolf Security report also highlights how reputation and trust are essential in the dark web, as is the case in a traditional online retailer. In fact the 77% of cybercriminal marketplaces require a licensea to sell online, which costs up to $ 3,000 for merchants. 85% require a deposit for payments and even 92% have a third-party service to resolve payment disputes.
Additionally, each marketplace shows i seller feedback, as if they were the stars on Amazon. A reputation they build and then transfer from site to site to avoid being found by law enforcement. On average, a Tor site on the dark web lasts no more than 55 days.
Ease of purchase on the dark web and ease of malware execution
According to research from HP Wolf Security, hackers often focus on finding vulnerabilities in popular software products, such as the Microsoft app, systems for managing web content, email servers. More niche services usually have higher costs (from one thousand to four thousand dollars) and the Zero Days (newly discovered) also cost tens of thousands of dollars.
But most cybercriminals use simpler attack vectors while spending little. Alex Holland Senior Malware Analyst of HP Inc. explains that “Unfortunately, it has never been easier to be a cybercriminal. Complex attacks required skills, knowledge, resources. Now the technology and training are available online for the price of one liter of petrol. And whether it’s because they expose your company’s personal data, delay deliveries or even cancel a hospital appointment, the explosion of cybercrime affects us all ”.
He also explains that “at the heart of this is ransomware, which has created a new criminal ecosystem that rewards petty cybercriminals with a small slice of profits. This is creating a cybercrime production line that creates attacks that are really hard to defend against ”.
How to protect yourself
At the presentation event for this report, HP asked for the former hacker to intervene Michael ‘Mafia Boy’ Calce and criminologist Dr. Mike McGuire to understand how to protect yourself from this rapidly changing ecosystem.
The first step is to do “Pay attention to the basics”. Then activate themulti-factor authentication, quickly manage patches, reduce the attack surface: email, browser and file downloads. The usual attentions that we should know by now (and on which companies should train all staff).
Companies should also be careful to limit problems, planning for the worst: being ready to respond can make a difference. Finally, we recommend that you monitor the cybercrime environment and test your corporate security with specialized companies.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc. explains: “We all need to do more to counter the cybercrime machine. For individuals it means becoming aware. Most attacks start with the click of a mouse, then thinking before clicking is important. But build yourself a safety net that can mitigating and recovering from the impact of a wrong click is even better ”.
You can read the entire report here.