Back Into The Web of Profit: Going Undercover in the Dark Net, Uncovering Threats to the Enterprise
- Presenting the findings of my latest report, ‘Behind the Dark Net Black Mirror,’ on Thursday 6th June at Infosecurity Europe 2019
- Offering insights from conversations with dark net vendors offering targeted attacks against the FTSE 500
After the culmination of months of study, the newest addition to the Web of Profit series – ‘Behind the Dark Net Black Mirror’ – will be going live on Thursday 6th June. The release will coincide with my speaking slot at Infosecurity Europe – the largest dedicated cybersecurity event in Europe. I feel privileged to have been invited to speak at the show, and excited to share the findings of this extremely illuminating report.
This report is the latest chapter in the Into the Web of Profit series, which I have been working with Bromium on for the past two years. The latest installment, which I will present the findings of next week, offers a detailed account of the various threats originating on the dark net that are being targeted against the enterprise.
‘Behind the Dark Net Black Mirror’
This has been an exciting period of research; there’s no doubt the dark net is a unique place. It’s shrouded in mystery and exploring it was thrilling, as well as worrying. I delved into this complex world and uncovered threats and risks that were truly shocking. To really get to the bottom of what’s happening in the dark net, I examined more than 70,000 listings on dark net platforms, analysing a number of factors – including what commodities are on sale, prices, attack vectors, patterns of trading, and more.
We obtained memberships to three key forums, which allowed us to observe, gather intelligence, and engage with vendors in a covert way; encouraging these vendors to be pretty candid with us about what they can do. This research was also supplemented through interviews and analysis from an expert global panel of law enforcement, governments, and cybersecurity experts.
During my presentation, I will be talking through what I encountered during my research; the variety of off-the-shelf tools that are being sold online, as well as the prevalence of targeted services for corporate espionage. I will also be outlining the conversations I had with criminal vendors who were offering services targeting FTSE 100 and Fortune 500 companies.
Essentially, anyone with time and a motive looking for malware or sensitive IP to cause reputational damage, has a tailormade marketplace to attack whenever and whoever they want. Even in a comparatively short amount of time I was able to find highly targeted espionage services. There were also numerous instances of bespoke services for specific industries, reinforcing just how savvy cybercriminals have become about the weak spots in organisations’ defences.
Shedding light on the Dark net
Make sure you look out for the report on June 6th and if you’re in London at the same time, come along to Infosecurity Europe 2019 for my session at 13:00 (BST) in the Geek Street track. I hope to see you there.