Security News > 2022 > July > Cybercrime goods and services are cheap and plentiful
Cybercrime is being supercharged through "Plug and play" malware kits that make it easier than ever to launch attacks.
The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust, and build reputation.
76% of malware advertisements listed, and 91% of exploits, retail for under $10. The average cost of compromised Remote Desktop Protocol credentials is just $5. Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks - in fact, just 2-3% of threat actors today are advanced coders.
Master the basics to reduce cybercriminals' chances: Follow best practices, such as multi-factor authentication and patch management; reduce your attack surface from top attack vectors like email, web browsing and file downloads; and prioritize self-healing hardware to boost resilience.
"We all need to do more to fight the growing cybercrime machine," says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP. "For individuals, this means becoming cyber aware. Most attacks start with a click of a mouse, so thinking before you click is always important. But giving yourself a safety net by buying technology that can mitigate and recover from the impact of bad clicks is even better."
Cybercriminals study patches on release to reverse engineer the vulnerability being patched and can rapidly create exploits to use before organizations have patched. So, speeding up patch management is important. Many of the most common categories of threat such as those delivered via email and the web can be fully neutralized through techniques such as threat containment and isolation, greatly reducing an organization's attack surface regardless of whether the vulnerabilities are patched or not."
News URL
https://www.helpnetsecurity.com/2022/07/27/cybercrime-goods-and-services-hp-research/