What was once a rarely visited corner of the internet is now a market that mimics traditional enterprise strategy. The dark web contains ransomware groups that run like businesses, offering Ransomware as a Service (RaaS) and tools like "plug and play" malware kits.

"The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back" report from HP Wolf Security and Forensic Pathways dives into the inner workings of the dark web, showing that cybercrime is being supercharged through “plug and play” malware kits that make it easier than ever to launch cyberattacks. Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk.

The report is based on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust and build reputation.

Malware is cheap and readily available

Over three quarters (76%) of malware advertisements listed and 91% of exploits retail for under $10 USD. The average cost of compromised Remote Desktop Protocol (RDP) credentials is just $5 USD. Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks — in fact, just 2-3% of threat actors today are advanced coders.

Dark web selling requires a license

Much like the legitimate online retail world, trust and reputation are ironically essential parts of cybercriminal commerce: 77% of cybercriminal marketplaces analyzed require a vendor bond — a license to sell — which can cost up to $3,000. Eighty-five percent of these use escrow payments, and 92% have a third-party dispute resolution service. Every marketplace provides vendor feedback scores. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputation between websites, as the average lifespan of a dark net Tor website is only 55 days.

How to protect your business

Master the basics to reduce cybercriminals’ chances: Follow best practices, such as multi-factor authentication and patch management; reduce the organization's attack surface from top attack vectors like email, web browsing and file downloads; and prioritize self-healing hardware to boost resilience.

Focus on winning the game: plan for the worst; limit risk posed by employees and partners by putting processes in place to vet supplier security and educate workforces on social engineering; and be process-oriented and rehearse responses to attacks in order to identify problems, make improvements and be better prepared.

Cybercrime is a team sport. Cybersecurity must be too: talk to peers to share threat information and intelligence in real-time; use threat intelligence and be proactive in horizon scanning by monitoring open discussions on underground forums; and work with third-party security services to uncover weak spots and critical risks that need addressing.

For more report findings, click here.