sb-eu logo
Story image

Dark web dangers threaten world's top enterprises

17 Jun 2019

The dark web is now a serious threat to enterprises, with 4 in 10 dark web traders now selling targeted hacking tools and services against Fortune 500 and FTSE 100 businesses.

New research from the University of Surrey, sponsored by Bromium, says that the dark web is home to a variety of bespoke and off-the-shelf tools designed to target the enterprise.

University of Surrey senior lecturer in criminology Dr Mike McGuire and his team talked with cybercriminal vendors across the dark web. They also gathered intelligence and consulted with industry experts to find out how the dark web poses a threat to the enterprise.

The study found that bespoke services most frequently target banking (34%), ecommerce (20%0, healthcare (15%), and education (12%).

“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” says McGuire. 

“The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately US$1,500.”

Researchers also requested hacking tools that targeted high value organisations. Services against Fortune 500 companies and similar can range from $150 to $10,000 – but it depends on the target company and how customised the malware needs to be, explains McGuire.

The study also found:

•    A 20% rise in the number of dark net listings with a direct potential to harm the enterprise since 2016
•    The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organisations outnumbering off-the-shelf varieties 2:1
•    Access to corporate networks is sold openly – 60% of vendors approached by researchers offered access to more than 10 business networks each
•    70% of dark net vendors engaged invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement

Phishing services remain a popular service on the dark web. McGuide says that corporate invoices can range from $5 to $10 on the dark web.

“These documents can be used to defraud organisations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold.”

“Organisations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net,” says McGuire. 

“But the dark net can also help them in gathering intelligence and monitoring threats that are out there. Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy.”

Statistics are taken from Bromium’s Behind the Dark Net Black Mirror study.

Link image
Protect your assets from deadly fires
This system provides fast-acting fire suppression to protect your assets from catastrophic loss - all with a minimal footprint.More
Story image
VMware reveals plans to acquire Octarine, going all in for Kubernetes
VMware says once the acquisition is completed, Octarine’s integration will provide new security features for containerized applications running in Kubernetes, and will enable security capabilities as part of the fabric of the existing IT and DevOps ecosystems.More
Story image
Consumer password hygiene doesn't reflect cybersecurity threat in 2020
83% of internet users think up their own passwords, while 54% say they are unaware about how to check if any of their credentials have already been leaked, according to new research from Kaspersky.More
Story image
FireEye unveils Cloudvisory: A multicloud security control centre
FireEye has announced the availability of FireEye Cloudvisory - a control centre for cloud security management across any private, public or hybrid security environment.More
Story image
11 new orgs join fight against insidious Stalkerware
Founded last year, the Coalition Against Stalkerware brings together cybersecurity vendors, domestic violence organisations, and digital rights advocates.More
Story image
Current security practices 'grossly inadequate' for protecting cloud infrastructures - report
"As cloud stacks become increasingly complex, with new technologies regularly added to the mix, what's needed is a holistic approach with consistent protection across the full cloud stack."More