Recent Surrey University research, ‘Web Of Profit’ commissioned by virtualisation-based security firm Bromium has shown that cyber-criminals are moving to their own invisible Internet on the so-called ‘dark net’ to allow them to communicate and trade beyond the view of the authorities.
What Is The Dark Net?
The dark net describes parts of the Internet which are closed to public view or hidden networks and are associated with the encrypted part of the Internet called the ‘Tor’ network where illicit trading takes place. The dark net is not accessible to search engines and requires special software installed or network configurations made to access it e.g. Tor, which can be accessed via a customised browser from Vidalia.
Infiltration and closing down of some of the dark net marketplaces by the authorities are now believed to have led to cyber-criminals moving to a more secure, invisible part of the dark net in order to continue communicating and trading.
Much of the communication about possible targets and tactics between cyber-criminals now takes place on secure apps, forums and chatrooms. For example, cyber-criminals communicate using the encrypted app ‘Telegram’ because it offers security, anonymity, and encrypted channels for the sale of prohibited goods.
Diverse Dark Net Marketplace
Posing as customers and getting first-hand information from hackers about the costs a range of cyber-attacks, the researchers were able to obtain shocking details such as:
- Access to corporate networks is being sold openly, with 60% of the sellers offering access to more than 10 business networks at a time. Prices for remote logins for corporate networks ranged from only £1.50-£24, and targeted attacks on companies were offered at a price of £3,500.
- Phishing kits are available for as little as $40, as are fake Amazon receipts and invoices for $52.
- Targeted attacks on individuals can be purchased for $2,000, and even Espionage and insider trading are up for sale from $1,000 to $15,000.
One thing that was very clear from the research is that cyber-criminals are very much focusing on corporations as targets with listings for attacks on enterprises having grown by 20% since 2016. The kinds of things being sold include credentials for accessing business email accounts.
The research also showed that cyber-criminals are moving away from commodity malware and now prefer to tailor tools such as bespoke versions of malware as a way of targeting specific industries or organisations. For example, the researchers found that 40% of their attempts to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from sellers, and that the services on offer even come with service plans for conducting the hack, and price tags ranging from $150 to $10,000, depending on the company to be targeted.
The industries that are most frequently targeted using malware tools that are being traded on the dark net include banking (34%), e-commerce (20%), healthcare (15%) and even education (12%).
Researchers also uncovered evidence that vendors are now acting on behalf of clients to hack organisations, obtain IP and trade secrets and disrupt operations.
What Does This Mean For Your Business?
The dark net is not new, but some commentators believe that the heavy-handed nature of some of the police work to catch criminals on the dark net is responsible for pushing criminal communication and trading activity further underground into their own invisible areas. End-to-end encrypted communications tools such as Telegram mean that cyber-criminals can carry on communicating beyond the reach of the authorities.
The research should show businesses that there is now real cause for concern about the sensitive, informed and finely tuned approach that cyber-criminals are taking in their targeting of organisations, right from the biggest companies down to SME’s. This should be a reminder that cyber-security should be given priority, especially when it comes to defending against phishing campaigns, which are one of the most successful ways that criminals gain access to company networks.
Law enforcement agencies also need to do more now to infiltrate, gather intelligence, and try to deter and stop the use of different forums, channels and other areas of the dark net in order to at least prevent some of the more open trading of hacking services and tools.