Business, News, Security

Cybercriminals could buy your login details for as little as R85

Brendyn Lotz

25th July 2022

On Friday HP released a report which detailed how freely available credentials, plug and play malware and exploits are on the dark web.

The report is the product of the HP Wolf Security threat team and Forensic Pathways. It comes after a three month investigation which involved scraping and analysing 35 million cybercriminal marketplaces.

What the report reveals is a remarkable ecosystem where cybercriminals make use of escrow payment systems, dispute resolution services and even require that vendors acquire licenses to sell malware.

The report found that as many as 77 percent of marketplaces analysed required vendors pay up to R50 000 to acquire a vendor bond. Escrow payment systems are employed by 85 percent of these marketplaces but we don’t see this as especially weird as Silk Road infamously used a similar system.

“Every marketplace provides vendor feedback scores,” HP explained in a press release. “Cybercriminals also try to stay a step ahead of law enforcement by transferring reputation between websites – as the average lifespan of a dark net Tor website is only 55 days.”

Exploits for popular software are incredibly popular as they allow a criminal to establish a foothold on a target but vulnerabilities for niche software is where they money is. HP reports that zero-day exploits can retail for tens of thousands of dollars on dark web markets while niche software exploits can fetch as much as R70 000.

Perhaps more worrying is how affordable plug and play malware kits are. These kits cost under R200 while Remote Desktop Protocol credentials can cost as little as R85.

“Unfortunately, it’s never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resource. Now the technology and training is available for the price of 3 litres of fuel. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cybercrime affects us all,” explains senior malware analyst at HP, Alex Holland.

Businesses are advised to follow cybersecurity best practices including making use of multi-factor authentication, patching regularly and having processes in place which vet outside entities before doing business with them.

One of the most important things a business can do is share threat intelligence with others.

“We all need to do more to fight the growing cybercrime machine,” explains global head of security for personal systems at HP, Dr Ian Pratt.

“For businesses, it’s important to build resiliency and shut off as many common attack routes as possible. For example, cybercriminals study patches on release to reverse engineer the vulnerability being patched and can rapidly create exploits to use before organisations have patched. So, speeding up patch management is important. Many of the most common categories of threat such as those delivered via email and the web can be fully neutralised through techniques such as threat containment and isolation, greatly reducing an organisation’s attack surface regardless of whether the vulnerabilities are patched or not,” concludes Pratt.

[Image – CC 0 Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.