HP has issued a report which says that cheap “plug-and-play” malware kits are causing a major headache for the channel.
The report with the concise title The evolution of cybercrime: Why the dark web is supercharging the threat landscape and how to fight back said 76 per cent of malware advertisements listed were on the dark web, and 91 percent of exploits were being priced at around £8.50.
Kits often comes as a bundle, with malware as a service, tutorials and mentoring services added to the malware offering.
Criminals are targeting major software brands, looking to exploit known vulnerabilities and bugs that they can take advantage of so they can get in a position to take command of user systems.
Ian Pratt, global head of security for personal systems at HP, said its research would be shared with the channel, and that partners would be alerted to its implications.
“The commodification of malware means the barrier for entry for cyber crime has never been lower – even low-skill attackers can purchase sophisticated tools and collaborate with experienced ransomware gangs”, he said. “All organisations are in the firing line, regardless of their size or area of business.
“The channel is uniquely placed to help customers prepare for this aggressive threat landscape, helping them to take a proactive approach to defending themselves, designing for resilience to attacks rather than just hoping traditional security tools detect and block them”, said Pratt.
He added that employee devices were still the main route into an organisation for attackers, and partners could educate customers, and help protect users from email phishing campaigns and web-based attacks.
“The channel can help customers escape this game of Russian roulette by bringing them technologies that isolate these common threat vectors at the hardware level, neutralising such attacks regardless of whether they can be detected – thus resulting in a greatly reduced attack surface and far more resilient security posture”, said Pratt.
