Stolen credentials sold on the Dark Web for the price of one

PALO ALTO, Calif., July 21, 2022 (GLOBE NEWSWIRE) — HP Inc. (NYSE: HPQ) today released The Evolution of Cybercrime: Why the Dark Web is Amplifying the Threat Landscape and How to Fight Back – An HP Wolf Security Report. The findings show that cybercrime is being supercharged by “plug and play” malware kits that make it easier than ever to launch attacks. Cyber ​​syndicates collaborate with amateur attackers to target businesses, putting our online world at risk.

The HP Wolf Security Threat team worked with Forensic Pathways, a world-leading group of forensic professionals, on a three-month dark web investigation, scraping and analyzing more than 35 million cybercriminal markets and forum posts to understand how cybercriminals operate, gain trust and build reputation.

Key findings include:

  • Malware is cheap and readily available – More than three-quarters (76%) of listed malware advertisements and 91% of exploits (i.e. code that allows attackers to control systems by taking advantage of software bugs) sell for less than 10 usd. The average cost of compromised Remote Desktop Protocol credentials is only $5. Vendors sell products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to carry out complex attacks and targeted – in fact, only 2-3% of today’s cybercriminals are advanced coders1.
  • The irony of “honor among cyber thieves” – Much like the world of legitimate online retail, trust and reputation are ironically essential components of cybercriminal commerce: 77% of cybercriminal markets analyzed require vendor bonding – a license to sell – which can cost up to at $3,000. 85% of them use escrow payments and 92% have a third-party dispute resolution service. Each marketplace provides vendor feedback scores. Cybercriminals are also trying to stay one step ahead of law enforcement by transferring reputation between websites – as the average lifespan of a darknet Tor website is only 55 days.
  • Popular software gives cybercriminals a foot in the door – Cybercriminals focus on finding gaps in software that will allow them to gain a foothold and take control of systems by targeting known bugs and vulnerabilities in popular software. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and email servers. Kits that exploit vulnerabilities in niche systems are the most expensive (typically between $1,000 and $4,000). Zero Days (vulnerabilities that are not yet publicly known) sell for tens of thousands of dollars on dark web markets.

“Unfortunately, it has never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resources. Now technology and training are available for the price of a gallon of gasoline. And whether it’s exposing your business and customer data, delaying deliveries or even canceling a hospital appointment, the explosion of cybercrime affects us all. Report author Alex Holland, Senior Malware Analyst at HP Inc.

“At the heart of this is ransomware, which has created a new cybercriminal ecosystem rewarding small players with a share of the profits. This is creating a cybercrime factory line, producing attacks that can be very difficult to defend against. and putting the businesses we all rely on in the crosshairs,” adds Holland.

HP consulted with a panel of cybersecurity and academic experts, including former hacker Michael “Mafia Boy” Calce and author criminologist Dr. Mike McGuire, to understand how cybercrime has evolved and what businesses can to better protect against the threats of today and tomorrow. They warned that companies should be prepared for destructive data denial attacks, increasingly targeted cyber campaigns, and cybercriminals using emerging technologies like artificial intelligence to challenge the integrity of organizations’ data.

To protect against current and future threats, the report offers the following advice for businesses:

Master the basics to reduce the chances of cybercriminals: Follow best practices, such as multi-factor authentication and patch management; reduce your attack surface against major attack vectors such as email, web browsing, and file downloads; and prioritize self-repair materials to build resilience.

Focus on winning: plan for the worst; limit the risks posed by your staff and partners by putting processes in place to vet vendor safety and educate the workforce on social engineering; and be process-oriented and rehearse responses to attacks so you can identify problems, make improvements, and be better prepared.

Cybercrime is a team sport. Cybersecurity must also be: talk to your peers to share real-time threat information and intelligence; use threat intelligence and be proactive in foresight analysis by monitoring open discussions in underground forums; and work with third-party security services to uncover critical vulnerabilities and risks that need to be addressed.

“We all need to do more to combat the growing cybercrime machine,” says Dr. Ian Pratt, Global Head of Personal Systems Security at HP Inc. “For individuals, this means becoming cyber-aware. Most attacks start with a mouse click, so it’s always important to think before you click. But giving yourself a safety net by buying technology that can mitigate and recover from the impact of bad clicks is even better.

“For businesses, it’s important to build resilience and disable as many common attack paths as possible,” Pratt continues. “For example, cybercriminals study patches as soon as they are released to reverse engineer the patched vulnerability and can quickly create exploits to use before organizations have patched. It is therefore important to speed up patch management. Many of the more common threat categories, such as those delivered via email and the web, can be fully neutralized through techniques such as threat containment and isolation, which significantly reduces the threat surface. attack on an organization, whether or not the vulnerabilities are patched.

You can read the full report here

Media contacts:
Vanessa Godsal / [email protected]

About Research

The Evolution of Cybercrime – The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – An HP Wolf Security Report is based on findings from:

  1. An independent study by dark web investigative firm Forensic Pathways and commissioned by HP Wolf Security. The company has collected lists of dark web markets using its automated crawlers that monitor content on the Tor network. Their Dark Search Engine tool has an index consisting of over 35 million URLs of mined data. The data collected was reviewed and validated by Forensic Pathway analysts. This report analyzed around 33,000 websites active on the dark web, including 5,502 forums and 6,529 marketplaces. Between February and April 2022, Forensic Pathways identified 17 recently active cybercrime marketplaces on the Tor network and 16 hacking forums on the Tor network and across the web with relevant listings that include the dataset.
  2. The report also includes threat telemetry from HP Wolf Security and research into leaked communications from the Conti ransomware group.
  3. Interviews and contributions from a panel of cybersecurity experts including:
    • Alex Holland, report author, Senior Malware Analyst at HP Inc.
    • Joanna Burkey, Chief Information Security Officer at HP Inc.
    • Dr. Ian Pratt, Global Head of Personal Systems Security at HP Inc.
    • Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs, HP Inc.
    • Patrick Schlapfer, malware analyst at HP Inc.
    • Michael Calce, former black hat “MafiaBoy”, chairman of the HP Security Advisory Board, CEO of decentraweb and president of Optimal Secure.
    • Dr Mike McGuire, Lecturer in Criminology at the University of Surrey, UK and expert author on cybersecurity.
    • Robert Masse, HP Security Advisory Board Member and Partner at Deloitte.
    • Justine Bone, HP Security Advisory Board Member and CEO of Medsec.

About HP

HP Inc. is a technology company that believes that a thoughtful idea has the power to change the world. Its product and service portfolio of personal systems, printers and 3D printing solutions helps bring these ideas to life. Visit

About HP Wolf Security

From the maker of the world’s most secure PCs2 and printers3, HP Wolf Security is a new generation of endpoint security. HP’s portfolio of hardware-enhanced security services and endpoint-centric security services are designed to help organizations protect PCs, printers and people from surrounded cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends to software and services.

©Copyright 2022 HP Development Company, LP The information in this document is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP assumes no responsibility for technical or editorial errors or omissions contained herein.

1 According to Michael Calce, Former Black Hat “MafiaBoy”, Member of the HP Security Advisory Board, CEO of decentraweb and President of Optimal Secure
2 Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Generation Intel and above® AMD Ryzen™ 4000 and above processors or processors; HP ProDesk 600 G6 with Intel® 10th generation processors and above; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th generation processors and above.
3 HP’s most advanced built-in security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or higher. Claim based on HP’s review of features released in 2021 of competing printers in the same class. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in accordance with NIST SP 800-193 guidelines for device cyber resilience. For a list of compatible products, visit: For more information, visit:

Comments are closed.