An underground economy that mirrors its legitimate eCommerce counterpart is supercharging online criminal behavior.
According to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Software-as-a-service (SaaS) is giving cybercriminals footing to operate professionally with easy-to-launch malware and ransomware.
In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10.
A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and cryptos for $1.
Underground Markets Resemble Legitimate economy
As the underground economy has become more like an above-board economy, it’s hard to grapple with trust. We’re seeing a lot of mechanisms that the operators of underground markets have come up with to encourage fair dealings between buyers and sellers.
Clarified, Alex Holland, a senior malware analyst at HP Wolf and author of the report, also spoke at the fireside chat. Those mechanisms include vendor feedback scores—all cybercriminal marketplaces include those, according to the report.
In addition, 92% of the marketplaces have some kind of third-party service for resolving disputes. 85% have escrow services, and 77% require vendor bonds, which must be paid before anyone can start selling in the marketplace.
Vendor bonds discourage short-term scammers, Holland said. To sell on an underground market, you need to reach a certain threshold of revenue. If you’re a scammer, you’re never going to meet that threshold.
Nation-states see Cybercrime as a way of Generating GDP
Looking ahead, the report identified four trends security pros should be aware of, such as an increase in destructive data denial attacks.
We can expect to see extortion attacks using the threat of data destruction against sectors that depend on IoT devices and data in time-sensitive and critical ways, the report predicted.
The report also warned of threat actors using leading-edge technologies to power their malicious activities. Deep fakes could be used to power data integrity attacks, for example, and cloud cracking could become catastrophic if powered by a quantum computer.
In the future, attackers will focus less on new vulnerabilities and more on efficiently exploiting old ones, the report added.We are likely to see attackers using AI and machine learning techniques to enable targeted spear-phishing attacks at scale.
