There has been a significant increase in the frequency and sophistication of cyber crime activity, and it is only going to get worse, according to a new report.
The latest global Threat Insights Report from HP found the use of hacking tools downloaded from underground forums and file sharing websites increased by 65% s from H2 2020 to H1 2021.
The report said the increase may indicate a boost in attacker intent — the desire to perform attacks and the expectation they will succeed. It also points to the widespread availability of hacking tools within the cyber crime ecosystem.
The report added that a big driver of why hacking tools are so easy to obtain is widespread malware piracy or “cracking.” This enables anyone to use tools without payment — even if developers intended otherwise.
Researchers said hacking tools in wide circulation were surprisingly capable. One example of this was a hacking tool to solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), to perform credential stuffing attacks against websites.
The report said cyber crime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques, and procedures.
“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr. Ian Pratt, global head of security, personal systems, HP Inc. “Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience.”
The report also found cyber criminals are collaborating more to launch bigger attacks on victims. Dridex affiliates are selling access to breached organizations to other threat actors so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family, the report said.
Information stealers have also launched nastier malware. CryptBot malware – originally used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to deliver DanaBot – a banking trojan operated by organized crime groups.
“The cyber crime ecosystem continues to develop and transform, with more opportunities for petty cyber criminals to connect with bigger players within organized crime, and download advanced tools that can bypass defenses and breach systems,” observed Alex Holland, senior malware analyst, HP Inc.
“We’re seeing hackers adapt their techniques to drive greater monetization, selling access on to organized criminal groups so they can launch more sophisticated attacks against organizations. Malware strains like CryptBot previously would have been a danger to users who use their PCs to store cryptocurrency wallets, but now they also pose a threat to businesses. We see infostealers distributing malware operated by organized criminal groups – who tend to favor ransomware to monetize their access.”
