Stolen credentials cost R85 on the dark Web

Malware for sale on the dark Web, is cheap and readily available. In fact, 76% of malware advertisements listed, and 91% of exploits retail for under R200.

The average cost of compromised remote desktop protocol credentials is just R85, the equivalent of just over three litres of petrol.

Dark Web vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services, meaning technical skills and experience are no longer needed to conduct complex, targeted attacks. Only 2 to 3% of threat actors today are advanced coders.

These were some of the findings of HP Wolf Security’s report, entitled: ‘The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back’.

The HP Wolf Security threat team worked with Forensic Pathways, a group of global forensic professionals, on a three-month dark Web investigation that scraped and analysed more than 35 million dark marketplaces and forum posts to understand how bad actors operate, gain trust, and build a reputation.

According to the report, cyber crime is being supercharged through “plug and play” malware kits that make it easier than ever to launch attacks. Underground, criminal syndicates are collaborating with amateur attackers to target organisations in every sector, putting the online world at risk.

Moreover, mirroring the legitimate economy, trust and reputation are ironically essential parts of cyber criminal commerce. More than three-quarters (77%) of dark marketplaces analysed require a vendor bond, or license to sell, which can cost up to R50 000.

In addition, a staggering 85% of these use escrow payments, and 92% have a third-party dispute resolution service. Every marketplace provides vendor feedback scores. Threat actors also try to stay a step ahead of law enforcement by transferring reputation between Web sites, as the average lifespan of a dark Net Tor Web site is only 55 days.

The research also revealed that popular software is giving attackers a toehold on corporate networks. Malefactors are concentrating on finding holes in software that will enable them to get a foothold and take control of systems by targeting known bugs and vulnerabilities in popular software.

Examples include the Windows operating system, Microsoft Office, web content management systems, and Web and mail servers. Kits that exploit vulnerabilities in niche systems ask the highest prices, which typically range from R16 000 toR70 000. Zero-day vulnerabilities which are not yet publicly disclosed, retail for tens of thousands of dollars on the dark market.

Alex Holland, a senior malware analyst at HP, says it’s never been easier to be a cyber crook. In the past, complex attacks required serious skills, knowledge, and resources. “Now the technology and training are available for the price of three litres of fuel. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cybercrime affects us all.”

He says at the core of this is ransomware, which has fuelled a new attacker ecosystem rewarding smaller players with a slice of the profits. “This is creating a cyber crime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs.”

Advice for protecting against current and future threats

To protect against current and future threats, HP's Wolf Security offers up the following advice for businesses:

• Master the basics to reduce cybercriminals’ chances
  Follow best practices, such as multi-factor authentication and patch management; reduce the attack surface from top attack vectors like email, web browsing, and file downloads; and prioritise self-healing hardware to boost resilience.
• Focus on winning the game"
  Plan for the worst; limit the risk posed by people and partners by putting processes in place to vet supplier security and educate workforces on social engineering; and be process-oriented and rehearse responses to attacks so problems can be identified, make improvements and be better prepared.
• Cyber crime is a team sport, so cyber security must be too
  Talk to your peers to share threat information and intelligence in real-time; use threat intelligence and be proactive in horizon scanning by monitoring open discussions on underground forums; and work with third-party security services to uncover weak spots and critical risks that need addressing.