Dark Reading, June 10, 2019 with comments by Ray DeMeo;
Malware on the Dark Web is increasingly customized to target specific organizations and executives.
The Dark Web is a demented shopping center where people can buy or sell any number of wicked and malicious products and services. Whatever an ill-minded individual can think up and decide to follow through on, there’s a villainous vendor available for purchase. Lately, rounds of those malicious services are particularly eager to strike at the globe’s big businesses.
Evidence from research* shows 4 out of 10 vendors on the Dark Web sell their hacking services to those seeking to target large businesses in the Financial Times Stock Exchange 100 and Fortune 500. Fortune 500 and FTSE Corporate access is a product that’s openly sought after and sold on the Dark Web.
Over half of these ‘dark’ vendors (60%) provide access to 10+ networks. For buyer and seller alike, the Dark Web is a haven for pairing up those seeking to perpetrate malware and cyber crime and those ready and willing to aid and abet the process.
Dark Web Business Follows the Same Principles as Legitimate Business
Markets follow patters and the Dark Web sites are no exception. As even this market matures, inevitable consequences emerge.
Ray DeMeo, co-founder and COO at Virsec, points out to Dark Reading that the criminal world has become more sophisticated, efficient, and compartmentalized, just like legitimate business. As a result, he says, “Specialists are focusing on specific pieces of the supply chain, such as password theft, memory attacks, ransomware, and selling personal data in bulk. As part of this, many resources on the Dark Web have become Amazon-like, relying on building ‘good’ reputations with high-quality stolen data.”
From the Mundane to the Masterful, It’s All Available for the Right Price
The Dark Web’s wares include manipulating products and using them in a malware scheme. Bad actors involved also include professional services with these products and schemes. This has turned into a dark “malware-as-a-service” model. Those seeking these services don’t need a lot of skill or expertise to carry out sophisticated and complex attacks. They simply need to be able to pay others the money they demand for the technical skills.
The cost for “simple” malware currently starts around $150 and goes up to about $1,500 for going after a target. Typically the malware is ready to go into action for a “usual” malicious application. More money also can include customer services and greater assurances of desired results, including a higher dollar gain. If someone is wiling to pay more, that can buy them customization for their malware to do something particularly disruptive or destructive.
*Research performed by Dr. Mike McGuire, University of Surrey, UK
Read full Dark Web Becomes Haven article.
White paper: How The Shadow Brokers Have Permanently Changed The Cybersecurity Landscape
Newsletter: Latest issue
Memory Protection: Product page