Report Provides Rare Glimpse Into Industrialized World of Cybercriminals
HP, Inc. today published a report that revealed most cyberattacks are now being launched by individuals with limited technical expertise as the cybercriminal underworld becomes more industrialized.
The report’s author, Alex Holland, senior malware analyst at HP Inc., said it’s also become apparent that cybercriminals are democratizing cyberattacks by making it easier to launch these attacks. In fact, the HP report noted that only two to three percent of threat actors today are advanced coders.
Most attacks are launched by cyberattackers who rely on inexpensive tools developed by someone else. More than three-quarters (76%) of malware advertisements listed and 91% of exploits are essentially commodities that retail for less than $10, the report noted. Providers of these tools even bundle these offerings with plug-and-play malware kits, access to malware-as-a-service platforms, tutorials and mentoring services. More than three-quarters of cybercriminal marketplaces analyzed (77%) require a license that can cost up to $3,000.
The report also found that most cybercriminals are targeting applications and platforms with known vulnerabilities, such as Windows, Microsoft Office, web content management systems and web and mail servers because they are inexpensive to attack. Kits that exploit vulnerabilities in niche systems command higher prices—ranging from $1,000 to $4,000. An exploit that targets a zero-day vulnerability costs tens of thousands of dollars, according to the report.
Finally, the report noted that cybercriminals are also shifting their online presence frequently. The average lifespan of a dark net Tor website is only 55 days, which makes taking down a cybercriminal gang challenging.
Over the last several years, cybercriminal gangs have isolated themselves from compromised credential providers that enable them to gain access to a wide variety of applications and systems. Now, however, they are using the same basic model to enable others to launch attacks in ways that make it more difficult for law enforcement agencies to attribute specific breaches to one particular cybercriminal gang. In fact, one reason for the low cost of exploits is that cybercriminal gangs are now competing with one another to provide exploits to “customers” that launch those attacks, noted Holland.
Unlike a traditional crime organization or family—in which lower-level members of a criminal organization can be turned into informants once caught—most of the perpetrators of attacks have no idea who is behind the malware they are using to launch a cyberattack, Holland said. More troubling still, as the global economy continues to contract, the number of individuals willing to launch these attacks for financial reasons only increases, Holland added.
Cybercriminals are also getting savvier about timing the launch of attacks to achieve maximum disruption, said Holland. For example, agricultural companies are being targeted more aggressively during harvest seasons, he noted.
There is no silver bullet solution to the cybersecurity challenges every organization routinely faces. However, the more effort organizations put into following cybersecurity best practices—such as using multifactor authentication (MFA) and making sure applications are consistently patched—the less likely it is they will be victimized. The issue, of course, is that cybercriminals generally only need to get lucky once while cybersecurity teams need to be right all the time.