The famous “honor among thieves” appears to have survived the transition to digital, as a new report from HP Wolf Security shows. According to the researchers involved, cybercriminals use techniques common in internet commerce, such as reviews and scores, dispute resolution services, escrow and proof before purchase.
The world of cybercrime mirrors that of legal activities
There has long been a so-called “dark Web”, that is, a parallel network in which supply and demand for criminal activities meet. Products and services useful for cybercrime are also sold there, in real markets where advertisements are published. It is precisely this greater openness of the criminal underground that has allowed cybercrime to grow notably over the last 15 years.
One of the first figures cited in the HP Wolf Security report is the (alarming) cost of exploits and stolen credentials on such sites: 76% of malware and 91% of exploits cost less than $10, while credentials to access a device via RDP often cost only $5. During a meeting with the press, experts pointed out that the price goes up dramatically when it comes to 0-day vulnerabilities, in particular when these concern the most popular operating systems (such as Windows); this happens because the possible damage is higher and, therefore, potentially so are the gains.
A particularly interesting element is that the world of cybercrime seems to perfectly reflect the “normal” one: 77% of the markets where criminals do business with each other require a license, which can cost up to $3,000, to better protect buyers. 85% of transactions go through guarantee deposits and 92% of the markets resort to dispute resolution services. It is often possible to have a “taste” of the good or service purchased, for example a confirmation, sent by the server itself, that the credentials of a server are valid.
Systems for rating and reviewing criminal services are also almost always available and, given the frequent police interventions that lead to the closure of these sites, it is often possible to transfer one's scores (and reputation) to other sites. It is therefore quite ironic that criminals, even if they are criminals, create systems to verify the reliability of the services they offer.
Vendors often operate through packages: kits to build one's own malware, malware as a service, tutorials and tutoring services. According to HP Wolf Security estimates, the vast majority of criminals would not have the skills to conduct attacks on their own and rely on the services of experienced cybercriminals, who represent only 2-3% of the total, to learn how to conduct them with the illegal tools purchased. Precisely because the latter offer their services for sale, however, there is a notable growth in criminal activity, because buying effective malware is pretty cheap and requires little skill.
It should also be noted that hacking was initially a somewhat positive activity, because it aimed to find the limits of attack capabilities or, vice versa, of the attacked systems, with a view to improving them and overcoming a challenge. Over the years, however, we have increasingly moved towards a model driven by pure greed and, at the same time, towards the intervention of States, which are increasingly active in attacks on opponents.
Therefore, companies will have to make further efforts to keep pace with attackers, reducing the attack surface as much as possible and adopting techniques to complicate attacks (such as, for example, two-factor authentication and zero trust architectures).