Report Shines Light on Dark Net

Most cybersecurity professionals are aware that one of the reasons cybersecurity is so challenging to maintain is that the opposition has access to resources that appear to be endless. However, a new “Dark Net and the Enterprise” report compiled by Dr. Mike McGuire, a criminology lecturer at the University of Surrey in the U.K., makes it clear just how sophisticated organized cybercrime has become.

Based on an analysis of 15 leading Dark Net platforms from November 2018 to March 2019, the investigation, funded by Bromium, a provider of anti-malware software, found that cybercriminals are increasingly building business models based on their ability to compromise specific organizations.

The report found 60% of listings analyzed (not counting drugs) represented opportunities for direct harm to enterprises that could cause immediate and tangible damage involving network compromises, suspension of online services or financial losses. At least 60% of vendors queried in relation to compromising a network offered access to more than 10 enterprise networks, while 30% offered access to between five and 10, and 10% offered access to up to five. Malware, distributed denial of service (DDoS) and remote access trojans (RATs) were the most common types of network compromise services available, accounting for 25%, 20% and 17% respectively of all listings relating to network compromises.

Remote access credentials, meanwhile, were found priced at $2 to $30 each, and the cost to purchase targeted attacks on enterprises averaged around $4,500. That compares to $2,000 for targeted attacks on individuals. Around 40% of attempts by researchers to request Dark Net hacking services targeting companies in the FTSE 100 or Fortune 500 received positive responses, with pricing ranging from $150 to $10,000 depending on the company involved. Espionage services aimed at, for example, CEOs were offered for fees ranging from $1,000 to $15,000. Researchers also made contact with multiple individuals offering insider trading tips.

Pages suited for phishing attacks were for sale for just 99 cents, with full-service phishing kits for sale starting at $40. Credentials, phishing and fake receipts to obtain refunds were the most common types of services offered in relation to financial compromises, equating to 38%, 27% and 14% respectively. Fake Amazon receipts and invoices that could be used to obtain refunds were found for sale starting at $52.

Consumer account details, consumer bank logins and business email addresses were the most common types of data compromises, representing 28%, 21% and 15% respectively of listings analyzed.

Most communication with cybercriminals now occurs on invitation-only platforms, private forums and messaging networks where encrypted interactions between members are more easily hidden from law enforcement, according to the report.

The research also found there are far more requests for custom malware than for off-the-shelf versions, which appeared to confirm suppositions that requests for malware creation may exceed what is being offered by about 2 to 1. The most expensive malware targeted automated teller machines and retailed at $1,500. Almost every vendor offers tailored versions of tools that are touted as more effective based on the network being accessed: the higher the value of the target, the more costly the offer, the report found.

The report results show cybercrime is a trillion-dollar industry that can afford to continue to invest in developing new weapons that leverage technology such as artificial intelligence (AI), said McGuire.

McGuire added that this report and others produced by his team make it clear enterprise IT organizations should ascertain how much of a target they are on the Dark Net to better understand how to optimize their own response. After all, it’s easier to prepare a defense when the weapons that might be applied to launch the next attack have already been identified.

Michael Vizard


Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
