An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes.
It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1.
“As we got into the 2010s, we started to see a really big push toward commoditization,” said Michael Calce, a former hacker known as “MafiaBoy” and chairman of HP Wolf Security Advisory Board, speaking at an online “fireside chat” on the report. “These communities and hackers are looking to push these exploits out at a cheaper price. Why? Because there’s competition involved now.”
Underground markets resemble legitimate economy
As the underground economy became more like the above-board economy, it’s had to grapple with trust. “We’re seeing a lot of mechanisms that the operators of underground markets have come up with to encourage fair dealings between buyers and sellers,” explained Alex Holland, a senior malware analyst at HP Wolf and author of the report, also speaking at the fireside chat.
Those mechanisms include vendor feedback scores—all cybercriminal marketplaces include those, according to the report. In addition, 92% of the marketplaces have some kind of third-party service for resolving disputes, 85% have escrow services, and 77% require “vendor bonds,” which must be paid before anyone can start selling in the marketplace.
“Vendor bonds discourage short-term scammers,” Holland said. “In order to sell on an underground market, you need to reach a certain threshold of revenue. If you’re a scammer, you’re never going to meet that threshold.”
Nation-states see cybercrime as a way of generating GDP
Looking ahead, the report identified four trends security pros should be aware of, such as an increase in destructive data denial attacks. “We can expect to see extortion attacks using the threat of data destruction against sectors that depend on IoT devices and data in time-sensitive and critical ways,” the report predicted.
Another trend identified in the report is a continuation of the blurring of lines between criminals and nation-state threat actors, with criminals adopting techniques that require human-operated attacks harnessing a deep understanding of victims’ networks.
Meanwhile, nation-states will show a greater interest in monetizing their activity. “Nation-states not only see the internet and cybercrime as strategic tools, but also to use cybercrime as a way of generating GDP,” said Mike McGuire, a senior lecturer in criminology at the University of Surrey in the UK, speaking at the fireside chat.
The report also warned of threat actors using leading-edge technologies to power their malicious activities. Deep fakes could be used to power data integrity attacks, for example, and “cloud cracking” could become catastrophic if powered by a quantum computer.
In the future, attackers will focus less on new vulnerabilities and more on efficiently exploiting old ones, the report added. “We are likely to see attackers using AI and machine learning techniques to enable targeted spear-phishing attacks at scale.”
A world rife with cyber threats is the reality everyone has to live in, Calce observed. “We’ve decided to surround ourselves with technology,” he says. “We did not make security the core feature of this technology. Now we’re paying the price.”
Copyright © 2022 IDG Communications, Inc.