October 24, 2023

     Share this article:

Cybercrime Evolution: HP Wolf Security Report

A 2022 report produced by HP Wolf Security in collaboration with Forensic Pathways – and alongside security experts in both industry and academia – has identified how cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a “Software as a Service” basis. As a result, even people with rudimentary IT skills are now able to launch cyberattacks at targets of their choosing.  

“Digital transformation has supercharged both sides of the attack-defense divide – shown, for instance, by the increasing popularity of ‘as a service’ offerings. This has democratized malicious activity to the point where complex attacks requiring high levels of knowledge and resources – once the preserve of advanced persistent threat (APT) groups – are now far more accessible to a wider group of threat actors,” says Alex Holland, Senior Malware Analyst at HP Wolf Security’s Threat Research team – and author of the report.

By the mid-1990s, a thriving hacker subculture was communicating globally over Internet Relay Chat (IRC). Initially, hackers sought to score bragging rights for their technical skills. But with the dotcom boom, many realized there might be serious money to be made.

The launch of malware kits began to lower the skills levels needed. But these “sole trader” fraudsters had little power to scale their operations until they started collaborating and pooling skills. This led to hackers specializing in perfecting different parts of the attack chain – whether penetrating systems, developing malware or laundering stolen money and cryptocurrency.

Initially, ransomware variants like CryptoLocker relied on opportunistic attacks by targeting systems already infected by the ZeuS variant Gameover ZeuS, demanding a $700 ransom or the equivalent in Bitcoin to decrypt an infected machine’s data. Attacks like WannaCry and NotPetya took this to the next level by using destructive methods to cripple critical infrastructure.

Since 2018 cybercrime has continued its move towards service and platform business models, with threat actors tapping into complex supply chains to launch attacks using specialist “plug and play” components. It has also become more organized and targeted. Criminals are taking much more time to understand a target’s infrastructure to maximize their impact, whether that’s achieving a bigger ransom or disabling a more critical piece of infrastructure. 

“In the last century, the economy shifted from sole traders to mass production, to service models, to platforms like Amazon,” says Dr. Mike McGuire, Senior Lecturer in Criminology, University of Surrey, UK. “The cybercrime economy did this in less than 25 years.”

 

Reference: HP-Wolf-Security-Evolution-of-Cybercrime-Report

For further information on ASI’s products and solutions, you may call or visit our social media accounts:

     Share this article:

More Updates