- New report details how the dark net has become a cybercrime shopping paradise, offering bespoke malware and targeted FTSE 100 and Fortune 500 hacking services
- Dark net activity is set to go deeper underground, as vendors turn to encrypted messaging services to thwart law enforcement
After another three months of research I’m excited to unveil the next chapter of ‘Into the Web of Profit’– ‘Behind the Dark Net Black Mirror’ – at Infosecurity Europe today. The previous chapter examined what role social media plays in the cybercrime economy, and how platforms like Twitter are being used as a marketing portal to shopping facilities on the dark net.
Naturally, it felt like the next step in this journey was to jump headfirst into this portal, allowing us to delve into the murky underbelly of the dark net and highlight the growing risk posed to businesses. What we found was startling, and we uncovered a worrying amount of threats to the enterprise including bespoke malware, network access tools as well as phishing kits and tutorials.
In order to discern what’s truly happening on the dark net, my team and I went undercover to gather first-hand intelligence through covert discussions with dark net vendors. One of the most shocking findings from these conversations was how willing vendors were to engage in discussions around targeted hacking and corporate espionage services.
We found that 4 in 10 dark net cybercriminals were offering hacking services targeting FTSE 100 or Fortune 500 businesses. This gives a clear indication that the dark net has become extremely tailored to attacking the enterprise, moving to a service-led approach catering to client needs, even offering service plans to outline how they’ll conduct the hack. It’s like they’ve become cybercrime consultants.
Rising Threat Levels
The overall danger to the enterprise is on the rise, and compared to 2016, there’s been a 20% increase in the number of dark net listings that can harm the enterprise, such as custom-built malware, which is outnumbering standard varieties by 2:1. The number and variety of threats will only increase too, because despite the takedown of sites like Silk Road and Alphabay, other platforms are able to easily step in to replace them.
This increased law enforcement activity has also forced cybercriminals to become more secretive, with 70% of vendors inviting us to talk over private or encrypted messaging systems. As dark net activity withdraws into the depths of the ‘invisible web’, law enforcement will find it more difficult to track transactions, making it harder to shut down platforms in the future.
It’s clear that the dark net represents a significant risk to the enterprise, arming cybercriminals with all the tools and services they need to steal data and disrupt business operations. But as activity goes deeper into the invisible web, organisations must ensure they take things into their own hands and improve their security posture, instead of hoping for another Alphabay style takedown.
If you’d like to learn more about the dark net threat to the enterprise, please download a copy of ‘Behind the Dark Net Black Mirror’ here.