Date: 2022-11-22

Ransomware remains one of the most serious cybercrime threats to organisations, with operators constantly evolving their extortion tactics and growing demand for stolen credentials, a report said on Monday.

According to Sophos, criminal underground marketplaces such as Genesis have long enabled the purchase of malware and malware deployment services (“malware-as-a-service”), as well as the bulk sale of stolen credentials and other data.

The Genesis Market is an automated online store that sells credentials, fingerprints, web platform vulnerabilities, cookies, and other sensitive data to help cybercriminals gain initial access to a victim network.

With the increasing popularity of ransomware over the last decade, an entire “ransomware-as-a-service” economy has sprung up, according to an official report.

“This isn’t just the usual fare, such as malware, scamming and phishing kits for sale,” said Sean Gallagher, principal threat researcher, Sophos.

“Higher-rung cybercriminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors,” he added.

Now, in 2022, this “as-a-service” model has expanded, and nearly every aspect of the cybercrime toolkit is available for purchase, from initial infection to ways to avoid detection, said the report.

With the growth of the “as-a-service” economy, underground cybercriminal marketplaces are becoming more commodified and operating like mainstream businesses.

Some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers post summaries of their skills and qualifications.

“Early ransomware operators were rather limited in how much they could do because their operations were centralised; group members were carrying out every aspect of an attack. But as ransomware became hugely profitable, they looked for ways to scale their productions,” said Gallagher.

The changing economics of the underground has not only fueled the growth of ransomware and the “as-a-service” industry, but also increased demand for credential theft.

With the growth of web services, different types of credentials, particularly cookies, can be used in a variety of ways to gain a stronger foothold in networks, even bypassing MFA (Multi-factor Authentication), the report added.

