"The Rise of Plug and Play"
This is just one of the countless examples of the burgeoning cybercrime economy uncovered by the HP Wolf Security team. HP's Endpoint Security Services today released the findings of its three-month-long report, "Why the Dark Web is Fueling the Threat Landscape and How to Fight Back," in The Evolution of Cybercrime.
The report's harshest conclusion is that cybercriminals are operating in an almost professional manner, delivering easy-to-launch, plug-and-play malware and ransomware attacks as software-as-a-service. This allows those with even the most basic skills to launch cyber attacks.
"Unfortunately, becoming a cybercriminal has never been easier," said Alex Holland, author of the report and senior malware analyst at HP. "Now, the skills and training are available for the price of a gallon of gas."
A walk on the dark side
The HP Wolf Security threat intelligence team led the study in partnership with dark web investigators Forensic Pathways and numerous experts from the cybersecurity and academic communities. These cybersecurity experts included former black hat Michael "MafiaBoy" Calce, who hacked the FBI in high school, and Dr. Mike McGuire, a criminologist and dark web expert at the University of Surrey.
The investigation involved the analysis of more than 35 million cybercrime marketplaces and forum posts, including 33,000 active dark web sites, 5,502 forums and 6,529 marketplaces. It also looked at leaked communications from the Conti ransomware organization.
Most notably, the findings show the explosive growth of cheap and easily available "plug-and-play" malware kits. Vendors bundle malware with malware-as-a-service, tutorials and guidance services; 76 percent of malware and 91 percent of exploits retail for less than $10. As a result, only 2-3% of today's cybercriminals are advanced programmers.
Popular software also provides an easy entry point for cybercriminals. Vulnerabilities in Windows operating systems, Microsoft Office and Web content management systems are frequently discussed.
"It's amazing how cheap and plentiful unauthorized access is," Holland said. "You don't have to be a competent threat attacker, and you don't have to have many of the skills and resources available. With bundling, you can get your foot in the door of the cybercrime world."
The survey also found the following:
77 percent of cybercrime marketplaces require a vendor deposit (or sales license) that can cost up to $3,000.
Eighty-five percent of marketplaces use escrow payments, 92 percent have third-party dispute resolution services, and all offer some form of censorship service.
In addition, since the average lifespan of a dark web Tor site is only 55 days, cybercriminals have developed mechanisms to transfer their reputation between sites. One such example provides the cybercriminal's username, primary role, when they were last active, positive and negative feedback, and star ratings.
As Holland points out, this reveals an "honor among thieves" mentality, where cybercriminals want to ensure a "fair deal" because they have no other legal recourse. Ransomware creates a "new cybercrime ecosystem" that rewards smaller players and ultimately creates a "cybercrime factory line," Holland said.
Increasingly sophisticated cybercriminals
Since the early 1990s, when amateurs began gathering in Internet chat rooms and collaborating via Internet Relay Chat (IRC), the cybercrime field has evolved into today's DIY cybercrime and the commoditization of malware kits.
Today, the FBI estimates that cybercrime costs the world trillions of dollars annually. In 2021 alone, cybercrime losses in the United States reached approximately $6.9 billion.
The future will bring more sophisticated attacks, but cybercrime will also become more efficient, procedural, replicable and "more boring and mundane," Holland said. He predicts that more disruptive data denial attacks and increasing specialization will drive more targeted attacks. Attackers will also focus on increasing efficiency to improve ROI, and emerging technologies such as Web3 will become "weapons and shields." Likewise, the Internet of Things will become a bigger target.
Holland said, "Cybercriminals are increasingly adopting nation-state attack procedures." He noted that many have abandoned the "smash-and-grab" approach. Instead, they are doing more reconnaissance of their targets before breaking into their networks, ultimately spending more time in the compromised environment.
Mastering the basics
There is no doubt that cybercriminals are often outpacing the speed of an organization's own security protections. Cyberattacks are on the rise, and tools and techniques are evolving.
"You have to accept that because unauthorized access is so cheap," Holland says. "You can't have the mindset that it's never going to happen to you."
He emphasized that despite this, there is hope and a great opportunity for companies to prepare and protect themselves. Critical attack vectors remain relatively constant, providing defenders with "the opportunity to challenge all types of threats and increase resilience."
Enterprises should be prepared for disruptive data denial attacks, increasingly targeted cyber campaigns, and cybercriminals who are using emerging technologies, including artificial intelligence, that will eventually challenge data integrity.
As Holland puts it, it comes down to "getting the basics right":
Adopt best practices such as multi-factor authentication and patch management.
Reduce the attack surface from key attack vectors such as email, Web browsing and file downloads by developing response plans.
Prioritize self-healing hardware to increase resiliency.
Limit the risk posed by personnel and partners by developing processes to review procedures for vendor security and educate employees on social engineering.
Plan for worst-case scenarios by identifying problems, making improvements and being better prepared through drills.
"Think of it like a fire drill - you have to really practice, practice, practice," Holland said.
Cybersecurity as a team sport
There are opportunities for peers to "share threat intelligence in more real time," Holland said.
For example, companies can use threat intelligence to proactively conduct horizontal scans by monitoring public discussions in underground dark Web forums. They can also work with third-party security services to identify weaknesses and critical risks that need to be addressed.
Dr. Ian Pratt, global head of personal systems security at Hewlett-Packard, said that because most attacks start with a "click of the mouse," everyone must be "cybersecurity aware" at the individual level.
At the enterprise level, he stressed the importance of building resilience and shutting down as many common routes of attack as possible. For example, cybercriminals will study patches as they are released to reverse engineer vulnerabilities and quickly create exploits before other enterprises need them. Therefore, it is critical to speed up patch management.
At the same time, many of the most common threat categories - such as those delivered via email and the Web - can be completely eliminated through techniques such as threat containment and isolation. This can significantly reduce an organization's exposure to attack, whether or not vulnerabilities are patched.
As Pratt says, "We all need to do more to combat the growing cybercrime machine."
Holland agrees, saying, "Cybercrime is a team sport, and so must be cybersecurity protection."