- Some of the most popular social media platforms are being exploited by cybercriminals to openly sell their tools and expertise
- This exploitation means that the lines between clear web platforms and their dark web equivalents have become blurred
We use social media for many reasons. Keeping up with our friends, finding out the latest news or posting photos and videos. But in the latest chapter of Into the Web of Profit, I discovered a whole new aspect of social media that’s hidden in plain sight. Cybercriminals, just like businesses, are using social media platforms to promote and sell their tools and services. Simply going on Instagram, Twitter or Facebook and conducting a few searches led me deep into the rabbit hole of the cybercrime world. I was shocked to see the extent to which social media is being exploited by cybercriminals, not just as a tool to spread malware, but as a shopping destination for their expertise and their products.
A shop front for the dark web
The major concern from these findings is how social media platforms have enabled the ready availability of products and services that were once only available in the darker corners of the internet. Up to 40% of the social media platforms examined for this report had a form of hacking service available, offering cybercrime-as-a-service, tutorials and tools like malware or ransomware. Cybercriminals are using accounts to sell these openly, or to act as a marketing portal that attracts buyers to more extensive facilities on the dark web.
Cybercriminals have become incredibly brazen on social media. One Facebook account sticks out in my mind because it was offering the opportunity to trade or learn about exploits and was actively advertising on Twitter to attract buyers. They’ve even thought about their pricing strategies too! For example, botnet and booter hire had an average cost of around $10 per month for a full-service package with tutorials and tech support, or $25 for a no-frills lifetime rental. That’s cheaper than a Netflix subscription.
What the findings clearly show is a maturing marketplace, no longer content with limiting their activities to the dark web. Cybercriminals have taken to social media to extend their reach and bring their services to a wider audience. Social media has blurred the lines between legitimate clear web platforms and illegitimate dark web marketplaces.
Social media must take an active stance against cybercrime
We can’t just unfriend social media – it’s become a central part of our personal and professional lives. However, its exploitation raises some very pressing issues. For organisations, the ready availability of cybercrime tools and services has made it much easier for hackers to launch cyberattacks. Social media is helping to bring dark web products and services to the masses, meaning attacks can come from anyone, anywhere and at any time. This can’t continue. Social media companies must take a much more active stance against the activities of cybercriminals exploiting their platforms. If we’re aware that social media is not just an avenue to deliver threats but also a market to sell them, then we can work together to stop cybercriminals exploiting it to flog their wares and make it harder for them to attract people to their dark web shopping facilities.
To learn more about the role of social media platforms in cybercrime and the implications this has on organisations, please download ‘Social Media Platforms and the Cybercrime Economy’ here.