Honor among cyber-thieves: a criminal career based on trust


Cybercrime is a growth ‘industry’ and this is partly being driven by a code of trust between buyer and seller, with digital crooks required to have a ‘license’ on three-quarters of dark web platforms, says research by HP’s threat research blog.

“Much like the legitimate online retail world, trust underpins cybercriminal commerce between buyers and sellers,” said HP, adding that 77% of cybercriminal forums required threat actors to hold a “vendor bond” or “license to sell” costing up to $3,000.

ADVERTISEMENT

Moreover, 85% of such criminal spaces use escrow payments – transactions that only go through once a specific condition has been met – while 92% offer dispute resolution services.

“Every marketplace analyzed provides vendor feedback scores,” said HP. “Given the risk of law enforcement takedowns and disruption by rivals, cybercriminals can stay a step ahead by transferring reputation between marketplaces – as the average lifespan of a dark website is only 55 days.”

Pile it high, sell it cheap

But if vendors are expected to invest a tidy sum to set up shop, buyers can enjoy services on the cheap – over three quarters of advertisements for malware and nine in ten exploits are sold for less than $10. The average asking price for a set of stolen remote desktop protocol credentials is just half that.

This is facilitating an ‘off-the-shelf’ criminal culture, in which crooks with few coding skills can purchase ready-made equipment and try their luck at cybercrime.

“Vendors are selling products in bundles, with ‘plug and play’ malware kits, malware as a service, and tutorials and mentoring services all reducing the need for technical skills and experience to conduct attacks – in fact, few threat actors today are advanced coders,” said HP.

But access to potentially more lucrative targets such as Microsoft commands a much higher price on average.

“Cybercriminals are focusing on exploiting known bugs in popular software that will allow them to get a foothold and take control of systems,” said HP. “Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers.”

ADVERTISEMENT

A foot in the door with these kinds of targets can cost anywhere between $1,000 and $4,000, while a zero-day exploit – a vulnerability not yet publicly known – stretches into the tens of thousands. Much of this trade in “high-end exploits” occurs in private channels on what HP calls the “invisible net.”

Cybercrime is booming

Citing the FBI, HP said cybercrime reports had increased steadily between 2008 and last year, for which the estimated total cost weighed in at just under $7 billion.

“Cybercrime is booming,” it said. “This is being driven by an increasingly professionalized, specialized, and collaborative underground supply chain that is harming individuals and businesses alike.”

And it warned this trend will likely continue over the next five to ten years. “As organizations embrace digital transformation and IoT [the internet of things, arising from the proliferation of web-connected gadgets], attackers will likely take advantage of the attack surface these create. We could see a growth in extortion attacks using the threat of data destruction against sectors that depend on IoT devices, particularly against those who rely on infrastructure in time-sensitive and critical ways.”

HP is urging organizations to focus on “mastering the basics” including adopting multifactor authentication and ensuring their employees become more “cyber-aware.” It also emphasized the importance of resilience and teamwork in the face of adversity, for instance drilling staff with worst-case scenarios, conducting penetration tests using authorized or white-hat hackers, and gathering and sharing threat intelligence with industry peers.