skip to Main Content

Malware-as-a-Service creating a new cybercrime ecosystem

This week, HP released its report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Backexploring how cybercriminals are increasingly operating in a near-professional manner, with malware and ransomware attacks being offered on a ‘software as a service’ basis.

The report’s findings show how cybercrime is being supercharged by “plug and play” malware kits that are easier than ever to launch attacks. Additionally, cyber syndicates are now collaborating with amateur attackers to target businesses, endangering the online world and its users.

The report’s methodology allowed the HP Wolf Security team to work in tandem with a dark web investigation company Forensic pathways to scrape and analyze over 35 million cybercriminal marketplaces and forum posts between February and March 2022, the survey helping to better understand how cybercriminals operate, gain trust and build reputations. Its main findings include:

  • Malware is cheap and readily available: over three-quarters (76%) of malware advertisements listed and 91% of exploits (i.e. code that allows attackers to control systems by taking advantage of software bugs) sell for less than $10.
  • Trust and reputation are ironically essential elements of the cybercriminal business: more than three-quarters (77%) of the cybercriminal markets analyzed require a vendor bond – a license to sell – which can cost up to $3,000. Of these, 92% have a third-party dispute resolution service.
  • Popular software gives cybercriminals a foot in the door – Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000 to $4,000, while zero days sell for tens of thousands of pounds on dark web markets.

HP consulted with a panel of cybersecurity and academic experts, including a former black hat hacker Michael ‘Mafia Boy’ Calce and criminologist author Dr. Mike McGuire – understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow. They warned that companies should prepare for destructive data denial attacks, increasingly targeted cyber campaigns, and cybercriminals using emerging technologies like artificial intelligence to challenge the integrity of organizations’ data.

Commenting on the report, author Alex Holland, Senior Malware Analyst at HP, said: “Unfortunately, it has never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resources. Now technology and training are available for the price of a gallon of gas. »

Holland added: “At the heart of this is ransomware, which has created a new cybercriminal ecosystem rewarding small players with a share of the profits. This creates a cybercrime factory line, producing attacks that can be very difficult to defend against and putting the businesses we all rely on in the crosshairs.

Back To Top