This week, HP held a briefing on their latest safety report, and it wasn’t pretty, but it does imply a level of militarized cyberthreats that will continue to grow at rates that could cripple global commerce if the trend doesn’t reverse. Like many high profile threats, HP argued that the industry was not taking this one seriously enough. They may be right.
Let’s talk about security this week and why we might be overwhelmed in a few years.
HP Wolf Security
Among PC OEMs, HP has taken the most aggressive stance to combat cybercrime with what appears to be the strongest and most targeted security effort outside of IBM. They have created what amounts to a security company encapsulated by HP and therefore focused on the types of threats that HP customers face. HP is best known for printers and PCsits solutions therefore revolve around these platforms, but it has research labs located around the world, publishes regular security reports, and operates in line with stand-alone security companies in terms of focus and execution.
Because of this focus, HP’s security reports tend to be more comprehensive, forward-looking, and related to the threats users face. The threat landscape has intensified. In 2016, for example, NIST reported that damage in the United States may have reached $770 billion per year.
But the trends identified by analysts at Wolf Security could make that number relatively insignificant compared to what’s to come.
The trend analysts interviewed are particularly troubling. At the heart of their argument for why cybercrime is spiraling out of control is the industrialization of related efforts. Companies have started providing cybercrime products, created marketplaces that sell exploits on identified servers and large-scale IDs (the price of a typical user ID is around $5 due to the number of ‘users who have been compromised).
The latter certainly explains why multi-factor authentication should be even more common than it is now. These sales are happening on something analysts call the “dark network,” private networks that provide cybercrime tools on a scale that law enforcement is currently unable to observe.
These new industrial crime tool vendors have become increasingly sophisticated by offering try-before-you-buy opportunities that demonstrate how a targeted exploit works and, even more chillingly, they deploy forensic tools as as a service, meaning the criminal doesn’t have to buy the tool, only share what they do with it.
The increasing availability of cybercrime tools is changing the criminal dynamics and removing the need for hacking skills from the process. The tools do all the work, they’re very easy to learn and use, and they increasingly don’t require a lot of computer skills. Until now, most criminals were stuck in the past, and due to their lack of skills, they were forced to use non-technical scam tools like phishing. But with these new tools, criminals acquire capabilities similar to those of a professional hacker, potentially increasing the total market available for cybercrime tools by several magnitudes and increasing the potential for domestic damage to even more unacceptable levels. .
HP’s Wolf Security is unique in the market and presents an unprecedented level of security in the technology market. Its global capabilities and tools are market-leading in the field, and the company’s view of the threat landscape created by cybercriminals is in line with that of other named security companies.
They pointed out this week that the trend to industrialize the production of cybercrime tools will bring unprecedented capabilities to cybercriminals and equally unprecedented threats to businesses and users.
Recommendations for ensuring timely remediation, aggressive exploit identification and remediation, user training and protection, password disposal and replacement, multi-factor authentication, and tools that ensure least privileged access fall naturally out of their report. But what also stands out is the need for governments to fight more aggressively against this trend of industrializing cybercrime before it causes unsustainable damage. This should be on the short list of changes that need to happen before things get even worse.