Malware-as-a-Service Creating New Cybercrime Ecosystem

This week HP released theirs report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Backexploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis.

The report’s findings showed how cybercrime is being supercharged through “plug and play” malware kits that are easier than ever to launch attacks. Additionally, cyber syndicates are now collaborating with amateur attackers to target businesses, putting the online world and its users at risk.

The report’s methodology saw HP’s Wolf Security threat team work in tandem with dark-web investigation firm Forensic Pathways to scrape and analyze over 35 million cyber-criminal marketplaces and forum posts between February and March 2022, with the investigation helping to gain a deeper understanding of how cybercriminals operate, gain trust, and build reputation. Its key findings include:

  • Malware is cheap and readily available: Over three-quarters (76%) of malware advertisements listed, and 91% of exploits (ie code that gives attackers control over systems by taking advantage of software bugs), retail for under $10.
  • Trust and reputation are ironically essential parts of cyber-criminal commerce: Over three-quarters (77%) of cyber-criminal marketplaces analyzed require a vendor bond – a license to sell – which can cost up to $3000. Of these, 92% have a third-party dispute resolution service.
  • Popular software is giving cyber-criminals a foot in the door – Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000, while zero days are retailing at 10s of thousands of pounds on dark web markets.

HP consulted with a panel of experts from cybersecurity and academia – including ex-black hat hacker Michael ‘Mafia Boy’ Calce and authored criminologist Dr. Mike McGuire – to understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow. They warned that businesses should prepare for destructive data denial attacks, increasingly targeted cyber campaigns, and cyber-criminals using emerging technologies like artificial intelligence to challenge organizations’ data integrity.

Commenting on the report, author Alex Holland, senior malware analyst at HP, said: “Unfortunately, it’s never been easier to be a cyber-criminal. Complex attacks previously required serious skills, knowledge and resources. Now the technology and training are available for the price of a gallon of gas.”

Holland added: “At the heart of this is ransomware, which has created a new cyber-criminal ecosystem rewarding smaller players with a slice of the profits. This is creating a cybercrime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs.”

Source

This week HP released theirs report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Backexploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis.

The report’s findings showed how cybercrime is being supercharged through “plug and play” malware kits that are easier than ever to launch attacks. Additionally, cyber syndicates are now collaborating with amateur attackers to target businesses, putting the online world and its users at risk.

The report’s methodology saw HP’s Wolf Security threat team work in tandem with dark-web investigation firm Forensic Pathways to scrape and analyze over 35 million cyber-criminal marketplaces and forum posts between February and March 2022, with the investigation helping to gain a deeper understanding of how cybercriminals operate, gain trust, and build reputation. Its key findings include:

  • Malware is cheap and readily available: Over three-quarters (76%) of malware advertisements listed, and 91% of exploits (ie code that gives attackers control over systems by taking advantage of software bugs), retail for under $10.
  • Trust and reputation are ironically essential parts of cyber-criminal commerce: Over three-quarters (77%) of cyber-criminal marketplaces analyzed require a vendor bond – a license to sell – which can cost up to $3000. Of these, 92% have a third-party dispute resolution service.
  • Popular software is giving cyber-criminals a foot in the door – Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000, while zero days are retailing at 10s of thousands of pounds on dark web markets.

HP consulted with a panel of experts from cybersecurity and academia – including ex-black hat hacker Michael ‘Mafia Boy’ Calce and authored criminologist Dr. Mike McGuire – to understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow. They warned that businesses should prepare for destructive data denial attacks, increasingly targeted cyber campaigns, and cyber-criminals using emerging technologies like artificial intelligence to challenge organizations’ data integrity.

Commenting on the report, author Alex Holland, senior malware analyst at HP, said: “Unfortunately, it’s never been easier to be a cyber-criminal. Complex attacks previously required serious skills, knowledge and resources. Now the technology and training are available for the price of a gallon of gas.”

Holland added: “At the heart of this is ransomware, which has created a new cyber-criminal ecosystem rewarding smaller players with a slice of the profits. This is creating a cybercrime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs.”

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Vicarius vsociety enables peer-to-peer networking and open-source collaboration on vulnerability research

Vicarius announced at the Black Hat USA 2022 conference the release of vsociety, a social community...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!