sb-eu logo
Story image

Dark web dangers threaten world's top enterprises

17 Jun 2019

The dark web is now a serious threat to enterprises, with 4 in 10 dark web traders now selling targeted hacking tools and services against Fortune 500 and FTSE 100 businesses.

New research from the University of Surrey, sponsored by Bromium, says that the dark web is home to a variety of bespoke and off-the-shelf tools designed to target the enterprise.

University of Surrey senior lecturer in criminology Dr Mike McGuire and his team talked with cybercriminal vendors across the dark web. They also gathered intelligence and consulted with industry experts to find out how the dark web poses a threat to the enterprise.

The study found that bespoke services most frequently target banking (34%), ecommerce (20%0, healthcare (15%), and education (12%).

“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” says McGuire. 

“The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately US$1,500.”

Researchers also requested hacking tools that targeted high value organisations. Services against Fortune 500 companies and similar can range from $150 to $10,000 – but it depends on the target company and how customised the malware needs to be, explains McGuire.

The study also found:

•    A 20% rise in the number of dark net listings with a direct potential to harm the enterprise since 2016
•    The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organisations outnumbering off-the-shelf varieties 2:1
•    Access to corporate networks is sold openly – 60% of vendors approached by researchers offered access to more than 10 business networks each
•    70% of dark net vendors engaged invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement

Phishing services remain a popular service on the dark web. McGuide says that corporate invoices can range from $5 to $10 on the dark web.

“These documents can be used to defraud organisations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold.”

“Organisations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net,” says McGuire. 

“But the dark net can also help them in gathering intelligence and monitoring threats that are out there. Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy.”

Statistics are taken from Bromium’s Behind the Dark Net Black Mirror study.

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
McAfee finds vulnerabilities in 'temi' the videoconferencing robot
Temi is commonly used in environments including businesses, healthcare, retail, hospitality, and other environments including the home.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More