Cybercrime is booming. Between 2008 and 2021, the FBI recorded a 207% increase in cybercrime reports, with losses hitting almost $7bn last year. This is being driven by an increasingly professionalized, specialized and collaborative underground supply chain that is harming individuals and businesses alike. Our latest HP Wolf Security report – The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – traces the key cybercrime moments and trends over the last 30 years, detailing the dynamics of underground markets today and where they might be headed, and what organizations can do to bolster their defenses.
- Cybercrime goods and services are cheap and plentiful – Over three-quarters of advertisements (76%) for malware and 91% for exploits are listed for under $10. The average cost of compromised Remote Desktop Protocol credentials is just $5. Vendors are selling products in bundles, with “plug and play” malware kits, malware as a service, tutorials and mentoring services all reducing the need for technical skills and experience to conduct attacks – in fact, few threat actors today are advanced coders.
- The irony of ‘honor amongst cyber-thieves’ – Much like the legitimate online retail world, trust underpins cybercriminal commerce between buyers and sellers. 77% of cybercriminal marketplaces analyzed require a vendor bond – a license to sell – which can cost up to $3,000. 85% of these marketplaces use escrow payments, and 92% offer dispute resolution services. Every marketplace analyzed provides vendor feedback scores. Given the risk of law enforcement takedowns and disruption by rivals, cybercriminals can stay a step ahead by transferring reputation between marketplaces – as the average lifespan of a dark web website is only 55 days.
- Vulnerabilities in popular software are giving cybercriminals a foot in the door – Cybercriminals are focusing on exploiting known bugs in popular software that will allow them to get a foothold and take control of systems. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers. Niche exploits of specialized systems command higher prices (typically from $1,000-$4,000) on markets. Zero days (vulnerabilities that are not yet publicly known) are retailing at tens of thousands of dollars on markets, but much of the trade of high-end exploits occurs in private channels on the ‘invisible net’.
Through an expert panel, the report considers how cybercrime might evolve in the next five to ten years and what threats organizations should prepare for:
- Destructive attacks could become even more damaging – As organizations embrace digital transformation and IoT, attackers will likely take advantage of the attack surface these create. We could see a growth in extortion attacks using the threat of data destruction against sectors that depend on IoT devices, particularly against those who rely on infrastructure in time-sensitive and critical ways.
- Intrusions to become more professionalized and targeted – To maximize the value of their intrusions, cybercriminals will continue to adopt the tactics of APTs, such as spending longer on target reconnaissance and establishing long-term access within networks.
- Emerging technologies to be both weapon and shield – Technologies currently in their infancy, such as Web3, could open new opportunities to create reputation systems that support the cybercrime economy, which may be harder for the authorities to take down. Quantum computing could be deployed to supercharge decryption efforts.
- Attackers to focus on making attacks more efficient – As cybercrime is reduced into repeatable, procedural steps, there are opportunities for automation and efficiency. Cybercriminals may use AI to automate their post-exploitation activities, for example, the selection of targets from a victim’s address book and the construction of persuasive spear-phishing attacks based on previous communication.
MASTERING THE BASICS, PLANNING AND COLLABORATION KEYS TO BUILDING RESILIENCE AGAINST CYBERCRIME
The report details steps organizations can take to defend against this growing cybercrime machine. For employees, this means becoming more cyber aware. For organizations, there is a need to focus on mastering the basics, planning for resilience, and collaborating to reduce risk. Mastering the basics by following best practices for multi-factor authentication, IT asset discovery and management, and vulnerability management will go far to minimize organizations’ attack surface. But it also extends to becoming more resilient in case of a breach—achievable by putting in place the people, processes, and technology to detect, prevent and recover from attacks. This means planning for the worst-case scenario, implementing processes to limit supply chain and insider risk, and practicing incident response plans. In addition, organizations must shut off common attack routes, such as those delivered via email and the web, which could be neutralized through technologies such as threat containment and isolation. Finally, remember security is a team sport. Collaborate with peers, invest in third-party security assessments and penetration testing, and gather and share threat intelligence with industry peers—to see what’s happening now and what might be around the corner.
ABOUT THE RESEARCH
The report is based on findings from:
- An independent study carried out by the dark web investigation firm Forensic Pathways and commissioned by HP Wolf Security. The firm collected dark web marketplace listings using its automated crawlers that monitor content on the Tor network. Its Dark Search Engine tool has an index of >35 million URLs of scraped data. The collected data was examined and validated by Forensic Pathways' analysts. This report analyzed approximately 33,000 active websites across the dark web, including 5,502 forums and 6,529 marketplaces. Between February and April 2022, Forensic Pathways identified 17 recently active cybercrime marketplaces across the Tor network and 16 hacking forums across the Tor network and the web containing relevant listings that comprise the data set.
- The report also includes threat telemetry from HP Wolf Security and research into the leaked communications of the Conti ransomware group.
- Interviews with and contributions from a panel of cybersecurity experts, including:
  - Alex Holland, report author, Senior Malware Analyst at HP Inc.
  - Joanna Burkey, Chief Information Security Officer at HP Inc.
  - Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.
  - Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs, HP Inc.
  - Patrick Schläpfer, Malware Analyst at HP Inc.
  - Michael Calce, former black hat “MafiaBoy”, HP Security Advisory Board Chairman, CEO of decentraweb, and President of Optimal Secure.
  - Dr. Mike McGuire, senior lecturer of criminology at the University of Surrey, UK, and authored cybersecurity expert.
  - Robert Masse, HP Security Advisory Board member and Partner at Deloitte.
  - Justine Bone, HP Security Advisory Board member and CEO at Medsec.