Such is the amount of data stolen on the dark web that compromised credentials are being sold for less than $5, the report said.
Cybercriminal organizations have become so professional that they are now selling malware kits for less than $10 and compromised system credentials for less than $5 to amateur hackers, according to a new security report released Thursday.
In “The Evolution of Cybercrime,” HP Wolf Security, HP Inc.’s new security platform arm, says that a team of its investigators, along with researchers from Forensic Pathways, spent more than three months investigating the dark web and the cybercriminals lurking there.
Researchers said they analyzed more than 35 million cybercriminal marketplaces and forum posts to “better understand how cybercriminals operate, earn trust, and build reputation,” HP said in a press release.
In general, the researchers found what others have also discovered: cybercriminal organizations are becoming increasingly professional and business-like in the way they conduct their illicit businesses, such as actually promoting stolen data and other illicitly acquired materials on the dark web.
However, HP researchers said they are surprised at how sophisticated cybercriminal organizations have become, such as setting up entire vendor platforms or marketplaces to sell a range of “products” such as malware kits, sensitive stolen data, compromised system credentials and other items.
Competition among sellers has become so intense, with more and more stolen data and information on offer, that some prices have dropped to bargain-basement levels, researchers say.
Researchers found that 76 percent of the listed malware ads and 91 percent of the exploits (i.e., code that gives attackers control of systems by exploiting software flaws) are available on the dark web for less than $10.
The average price for compromised Remote Desktop Protocol credentials is just under $5. That’s less than what many Americans pay for a gallon of gasoline today, HP said in its press release.
The vast majority of these products are sold to amateur hackers who do not have advanced programming skills, according to the report.
“Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services that reduce the need for technical skills and experience to execute complex, targeted attacks,” the company said in a statement.
In a video conference with journalists and others on Thursday, Alex Holland, HP’s senior malware analyst, said the low prices being charged for stolen digital items had stunned researchers. “It’s really incredible,” he said.
The low prices initially confused researchers, he said. But then they realized that it all boils down to the old-fashioned supply-and-demand principle of economics: the sheer number of sellers and the vast amounts of data for sale on the dark web have pushed prices down for some, if not all, items.
“It’s about the supply – plenty of supply,” Holland said.
Another finding of the report is that there appears to be a sort of “honor among cyber thieves” approach to doing business on the dark web.
“Similar to the legitimate online retail world, ironically, trust and reputation are essential components of cybercriminal trading,” the HP statement reads.
The report found that 77 percent of the cybercriminal marketplaces analyzed required a so-called “vendor bond” or sales license, which can cost up to $3,000.
And most marketplaces offer “third party dispute resolution services” and even vendor feedback reviews.
The researchers also found that cyberhackers target popular software such as the Windows operating system and Microsoft Office to “get a foothold and take control of systems.”
Dr. Mike McGuire, a lecturer at the University of Surrey who has studied cybercrime and took part in the HP study, told HP’s video conference on Thursday that cybercriminals could advertise their ill-gotten digital gains on the dark web.
However, he said most key negotiations between cybercriminal buyers and sellers are conducted “behind the scenes” on what he calls the “invisible web,” such as through private and encrypted messaging services.