The Dark Net Diversifies: How Vendors Make a Living Selling Vertical-Specific Threats
- The dark net poses a serious risk to organisations, with many vendors offering vertical-specific malware or network access
- Greater awareness of dark net threats is vital to mitigate risk
My latest foray into the Web of Profit, Behind the Dark Net Black Mirror, detailed the growing risk posed by the dark net to the enterprise. During my dive into the depths of the dark net, we identified that there had been a 20% rise in the number of dark net listings with a direct potential to harm the enterprise since 2016.
What was most fascinating to see was how the dark net economy was catering for an increased demand for targeting businesses in particular vertical industries. Vendors were offering a range of malware targeting specific industries, and even corporate network access.
Malware is the frontrunner
During my conversations with dark net vendors, it became increasingly obvious they were more than willing to cater to our needs. Malware, perhaps unsurprisingly, is one of the most popular tools being sold on the dark net – making up 25% of all network compromise tools.
One of the most worrying aspects of this was the availability of vertical-specific attacks. Of the malware listings we found, banking was the most targeted vertical sector (34% of listings), with retail (20%), healthcare (15%) and education (12%) following behind. Due to the more targeted nature of these malware variants, we often found they were the priciest. One of the most expensive pieces of malware found was designed to target bank ATMs (via ATM logic attacks) and retailed for approximately $1,500.
Network access, a multiplying threat
But it’s not just malware. Within every dark net market we peered into, we found vendors offering ways of accessing specific corporate networks. Access to networks belonging to healthcare companies made up 24% of listings, with banking at 18% and retail at 16%. The methods of gaining access varied dramatically, from stolen IT admin credentials, to exploiting remote desktop protocols, installing backdoors and more.
However, when looking at access, there was a clear preference for remote access Trojans, which would allow hackers to take screenshots or access sensitive information. We found them being listed around five times as often as keyloggers and backdoors. This style of attack appears to be in vogue at the moment – one of the more popular RATs is Ramnit, which has become a much more prevalent threat to banks in recent years, including a spate of attacks in West Africa.
Steps for vertical sectors
If there’s one thing that my time on the dark net has revealed, it’s that the thriving markets poses a grave threat to vertical industries. There is a need for greater awareness of the threats posed by the dark net in order to help build cybersecurity capacities to manage it, but also greater investment in user education to help protect against threats from the dark net. Solving the challenge of taming this lawless domain will never be easy, and to curb it entirely may be impossible – but measures can be taken to help organisations defend themselves.
If you’d like to learn more about the dark net threat to the enterprise, please download a copy of Behind the Dark Net Black Mirror. And be sure to join me on July 18 as I discuss my findings on a live webinar with Bromium’s Kimberly Becan. Register for the webinar.