4 in 10 dark net cybercriminals selling targeted FTSE 100 or Fortune 500 hacking services
New academic research exposes abundant availability and increased demand for tailored malware, network access and targeted hacking services; requests for customized malware outnumber off-the-shelf by 2:1
Bromium®, Inc., the pioneer and leader in application isolation and containment that stops advanced malware attacks, has announced the findings of an academic study highlighting the growing risk posed by the dark net to the enterprise. ‘Behind the Dark Net Black Mirror’, the next chapter of the ‘Into the Web of Profit’ study, offers unique insights into the current risk to organizations, highlighting the variety of custom malware, network access tools and corporate espionage services available on the dark net, threatening enterprises, their employees, customers, and partners.
The study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government. Key findings include:
- 4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses
- A 20% rise in the number of dark net listings with a direct potential to harm the enterprise since 2016
- The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties 2:1
- Access to corporate networks is sold openly – 60% of vendors approached by researchers offered access to more than ten business networks each
- 70% of dark net vendors engaged invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement
“The dark net has become a veritable candy store for anyone looking to steal IP and corporate data or disrupt business operations,” commented Gregory Webb, CEO of Bromium. “A world once dominated by off-the-shelf malware has been replaced by a service-driven, on-demand economy. Savvy dark net vendors have responded to increased demand for business access and targeting, offering bespoke malware, access to corporate networks, and targeted corporate espionage services. Any business relying solely on detection should be on notice, as custom malware will be unknown to their systems and will be free to pass through undetected to its target. Organizations should adopt a defense in depth security strategy that includes application isolation capabilities to identify and contain threats, as well as the ability to generate in-depth threat telemetry to stop cybercriminals from obtaining persistent footholds in corporate networks.”
Bespoke services in vogue
The industries most frequently targeted by malware tools being traded on the dark net are banking (34%), ecommerce (20%), healthcare (15%), and education (12%) – with targeted malware becoming increasingly popular to improve the effectiveness of campaigns. “Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” said Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey. “The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately $1,500.”
More than 40% of attempts by researchers to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from dark net vendors. “These services typically come with service plans for conducting the hack, with prices ranging from $150 to $10,000 depending on the company involved and the extent to which the malware was customized for targeted attacks,” Dr. McGuire explained.
Targeted access and phishing
Within every dark net market that researchers examined, vendors offered access to a diverse range of business networks, with banking and finance (29%), healthcare (24%), ecommerce (16%), and education (12%) corporate networks being the most common. “The methods for providing access varied considerably,” Dr. McGuire explains. “Some involved stolen remote access credentials that are for sale for as little as $2, others involve backdoor access or the use of malware. Illicit remote access tools appear to be most popular – we were offered Remote Access Trojans at least five times more often than keyloggers.”
Phishing also remains a preferred method for infiltrating corporate networks, with dark net vendors offering kits and tutorials to create convincing lures for phishing campaigns using genuine-looking company invoices and documentation. “Purchasing corporate invoices is easy on the dark net, with prices ranging from $5-$10,” continues Dr. McGuire. “These documents can be used to defraud organizations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold on the dark net.”
“Organizations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net,” Dr. McGuire concludes. “But the dark net can also help them in gathering intelligence and monitoring threats that are out there. Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy.”
‘Behind the Dark Net Black Mirror’ is available to download here. The findings of this study will be discussed at the InfoSecurity Europe conference in London. Dr. McGuire will present the full findings during his Geek Street presentation on June 6, 13:00-13:45.
About the study
Into the Web of Profit is an academic study that was launched by Bromium in April of 2018. The report is researched and written by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey. ‘Behind the Dark Net Black Mirror’ is the third installment in the Web of Profit body of research. The findings and analysis contained in this report are the culmination of a three-month analysis of dark net listings. Researchers were embedded within gated and private platforms and communities within the dark net, exposing conversations with cybercrime service vendors. The report also includes insights from a global panel of experts, including law enforcement, security, and other professionals.
About Dr. Mike McGuire
Dr. Michael McGuire joined the Department as Senior Lecturer in Criminology in September 2012. Dr. McGuire read Philosophy & Scientific Method at the London School of Economics, where he acquired a first-class BSc Econ, and he completed his Ph.D. at King's College London. He has subsequently developed an international profile in the study of technology and the justice system and has been published widely in these areas.