Stolen Credentials Selling on the Dark Web for Price of a Gallon of Gas

New HP Wolf Security report exposes ironic “honor among thieves” as cybercriminals rely on dispute resolution services, $3k vendor bonds and escrow payments to ensure “fair” dealings


PALO ALTO, Calif. , July 21, 2022 (GLOBE NEWSWIRE) -- HP Inc. (NYSE: HPQ) today released The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report. The findings show cybercrime is being supercharged through “plug and play” malware kits that make it easier than ever to launch attacks. Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk.

The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust, and build reputation.

Key findings include:

  • Malware is cheap and readily available – Over three quarters (76%) of malware advertisements listed, and 91% of exploits (i.e. code that gives attackers control over systems by taking advantage of software bugs), retail for under $10 USD. The average cost of compromised Remote Desktop Protocol credentials is just $5 USD. Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks – in fact, just 2-3% of threat actors today are advanced coders1.
  • The irony of ‘honor amongst cyber-thieves’ – Much like the legitimate online retail world, trust and reputation are ironically essential parts of cybercriminal commerce: 77% of cybercriminal marketplaces analyzed require a vendor bond – a license to sell – which can cost up to $3,000. 85% of these use escrow payments, and 92% have a third-party dispute resolution service. Every marketplace provides vendor feedback scores. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputation between websites – as the average lifespan of a dark net Tor website is only 55 days.
  • Popular software is giving cybercriminals a foot in the door – Cybercriminals are focusing on finding gaps in software that will allow them to get a foothold and take control of systems by targeting known bugs and vulnerabilities in popular software. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers. Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000 USD). Zero Days (vulnerabilities that are not yet publicly known) are retailing at 10s of thousands of dollars on dark web markets.

“Unfortunately, it’s never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resource. Now the technology and training is available for the price of a gallons of gas. And whether it’s having your company ad customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cybercrime affects us all,” comments report author Alex Holland, Senior Malware Analyst at HP Inc.

“At the heart of this is ransomware, which has created a new cybercriminal ecosystem rewarding smaller players with a slice of the profits. This is creating a cybercrime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs,” Holland adds.

HP consulted with a panel of experts from cybersecurity and academia – including ex-black hat hacker Michael ‘Mafia Boy’ Calce and authored criminologist, Dr. Mike McGuire – to understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow. They warned that businesses should prepare for destructive data denial attacks, increasingly targeted cyber campaigns, and cybercriminals using emerging technologies like artificial intelligence to challenge organizations’ data integrity.

To protect against current and future threats, the report offers up the following advice for businesses:

Master the basics to reduce cybercriminals’ chances: Follow best practices, such as multi-factor authentication and patch management; reduce your attack surface from top attack vectors like email, web browsing and file downloads; and prioritize self-healing hardware to boost resilience.

Focus on winning the game: plan for the worst; limit risk posed by your people and partners by putting processes in place to vet supplier security and educate workforces on social engineering; and be process-oriented and rehearse responses to attacks so you can identify problems, make improvements and be better prepared.

Cybercrime is a team sport. Cybersecurity must be too: talk to your peers to share threat information and intelligence in real-time; use threat intelligence and be proactive in horizon scanning by monitoring open discussions on underground forums; and work with third-party security services to uncover weak spots and critical risks that need addressing.

“We all need to do more to fight the growing cybercrime machine,” says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc. “For individuals, this means becoming cyber aware. Most attacks start with a click of a mouse, so thinking before you click is always important. But giving yourself a safety net by buying technology that can mitigate and recover from the impact of bad clicks is even better.”

“For businesses, it’s important to build resiliency and shut off as many common attack routes as possible,” Pratt continues. “For example, cybercriminals study patches on release to reverse engineer the vulnerability being patched and can rapidly create exploits to use before organizations have patched. So, speeding up patch management is important. Many of the most common categories of threat such as those delivered via email and the web can be fully neutralized through techniques such as threat containment and isolation, greatly reducing an organization’s attack surface regardless of whether the vulnerabilities are patched or not.”

You can read the full report here https://threatresearch.ext.hp.com/evolution-of-cybercrime-report/

Media contacts:
Vanessa Godsal / vgodsal@hp.com

About the research

The Evolution of Cybercrime – The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report is based on findings from:

  1. An independent study carried out by dark web investigation firm Forensic Pathways and commissioned by HP Wolf Security. The firm collected dark web marketplace listings using their automated crawlers that monitor content on the Tor network. Their Dark Search Engine tool has an index consisting of >35 million URLs of scraped data. The collected data was examined and validated by Forensic Pathway’s analysts. This report analyzed approximately 33,000 active websites across the dark web, including 5,502 forums and 6,529 marketplaces. Between February and April 2022, Forensic Pathways identified 17 recently active cybercrime marketplaces across the Tor network and 16 hacking forums across the Tor network and the web containing relevant listings that comprise the data set.
  2. The report also includes threat telemetry from HP Wolf Security and research into the leaked communications of the Conti ransomware group.
  3. Interviews with and contributions from a panel of cybersecurity experts including:
    • Alex Holland, report author, Senior Malware Analyst at HP Inc.
    • Joanna Burkey, Chief Information Security Officer at HP Inc.
    • Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.
    • Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs, HP Inc.
    • Patrick Schlapfer, Malware Analyst at HP Inc.
    • Michael Calce, former black hat “MafiaBoy”, HP Security Advisory Board Chairman, CEO of decentraweb, and President of Optimal Secure.
    • Dr. Mike McGuire, senior lecturer of criminology at the University of Surrey, UK and authored expert on cybersecurity.
    • Robert Masse, HP Security Advisory Board member and Partner at Deloitte.
    • Justine Bone, HP Security Advisory Board member and CEO at Medsec.

About HP

HP Inc. is a technology company that believes one thoughtful idea has the power to change the world. Its product and service portfolio of personal systems, printers, and 3D printing solutions helps bring these ideas to life. Visit http://www.hp.com.

About HP Wolf Security

From the maker of the world’s most secure PCs2 and Printers3, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

©Copyright 2022 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


1 According to Michael Calce, former black hat “MafiaBoy”, HP Security Advisory Board Member, CEO of decentraweb, and President of Optimal Secure
2 Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.
3 HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.