Cybercrime is an extremely lucrative business for threat actors, as we have already seen. A report by HP Wolf Security delineates how that has come to be by tracing cyber events from the past 30 years.
Diving into details
- Cybercrime resources are cheap and abundant. Over 91% of exploits and 76% of malware ads are listed for under $10. The average cost for RDP credentials is $5.
- Products are sold in bundles, including plug-n-play malware kits, MaaS, and mentoring services, diminishing the need for experience and technical skills to conduct successful attacks.
- Threat actors are capitalizing on disclosed vulnerabilities in popular software, which allows them to gain a foothold in the target network. Some examples include the ShadowCoerce vulnerability in Windows and critical vulnerabilities in Confluence servers.
- However, flaws in niche systems went for higher prices, while zero-day vulnerabilities are sold for tens of thousands of dollars.
Low barrier to entry
The availability of every hacking resource imaginable at one’s behest has lowered the barrier to entry in the cybercrime business. The researchers found that only 2–3% of threat actors are advanced coders. Furthermore, new ways of making money have emerged - renting the attack software and sharing a percentage of the revenue made.
The bottom line
As organizations increasingly adopt IoT and digital transformation, attackers will keep targeting the new attack surfaces created. The key is to be more cyber aware by planning for cyber resilience, threat response, vulnerability management, and other key areas to manage attack surfaces. Moreover, organizations should close common attack routes, such as phishing emails and vulnerability exploitation.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_385174099.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_134399564.jpg)
