CPO Magazine, June 17, 2019, with comments from Ray DeMeo;
The wealthiest companies at highest risk of hackers, now running large-platform hacking models
Amidst all the businesses in the world seeking growth, one area that never needs to fear lack of growth is that of cybercrime. The economy of global cybercrime is lucrative and always growing.
Senior Lecturer in Criminology at the University of Surrey Dr. Mike McGuire has authored “Behind the Dark Net Black Mirror,” a 32-page report describing the progressive happenings in the Dark Net underworld. The report discusses hacking services and tools that are increasingly targeting large enterprises, intent on stealing wealth from them and putting in their own hands. Cybercriminals are migrating away from individual targets to focus on these big companies – Fortune 500 and FTSE 100 -- using custom-built malware and hacking service specially designed to strike these enterprises and economic sectors.
For the report, McGuire’s team of analysts spent five months researching over 70,000 Dark Net listings. They discovered what kinds of hacking services are for sale, searched for the enterprises targeted and the hacking tools most desired to use against them.
Research Team Conducted Interviews, Evaluated Dark Net Platforms
The team looked at 15 leading Dark Net platforms, four of which are Dream Market, Empire Market, Agora and Ramp). They conducted over 30 interviews and undercover, obtained memberships to three of these platforms so they could experience the real deal of how these dark actors find customers and carry out their business.
The research revealed proof that these shadow-criminals, having previously been successful in the smaller realm of stealing from individuals and small businesses, now seek bigger pockets. They found that 40% of vendors in the Dark Net sell their hacking services to clients intended to strike Fortune 500 and FTSE 100 companies. The products sold – bespoke, “custom-built” malware – is now selling 2:1 times over off-the-shelf malware.
Rising Risky Dark Business
Since 2016, Dark Net listings for hacking services have grown 20%. It takes McGuire’s kind of research to track these activities because the majority of it is not visible to mainstream web users. The Dark Net can’t be surfed by the browsers we use or by searched by Google. The business and shopping sites are beyond the view of law enforcement officials. It’s not only Dark, it’s practically Invisible and Dark Net users know this. End-to-end encryption communication platforms have furthered this. Cybercriminals can use these platforms – such as Telegram – and communicate freely about the hacks they are planning and who their targets are without fear of discovery from law enforcement.
In the course of their research, McGuire’s University of Surrey’s analysts documented being asked by Dark Net vendors to carry out dialogue using encrypted chats or platforms 70% of the time.
The Rising Tide of Threats
Part of the study included a tool called the 3D Dark Net threat assessment tool. The purpose of the tool is to analyze twelve (12) categories of hacking services to see how they are used to go after enterprises in specific industries. Examples of hacking services include malware infections and botnets. The popular industries targeted are:
- Banking 34%
- e-Commerce 20%
- Healthcare 15%
- Education 12%
Clients are willing to pay hackers a premium price to customize malware to suit their particular enterprise(s) in the crosshairs. The most expensive of the bespoke (custom) malware runs about $1,500 for getting into ATM machines at banks. Other services are less expensive, such as stolen credentials and lists of customer names are available for cheap. Even with the more pricey custom malware, it only costs a few dollars to go after big enterprises worth billions of dollars.
What Can Billion $ Enterprises Do?
Large companies like the Fortune 500 and FTSE 100 have targets on their backs and they must have defenses in place. What realistic, effective options are available to them to protect against these shadow vendors? The report talks about an important strategic option of having these firms and law enforcement increasingly sharing their knowledge and pooling intel.
However, a lot of organizations don’t give a passing thought to the Dark Net. Yet it’s not the imagined monster under the bed. This monster is a real threat that needs to be addressed accordingly and without delay. The old proverb, ‘Know Thy Enemy,’ fits. These companies have too much to lose to be inattentive, especially when the evidence is clear that the enemy is actively coming for you.
How Equipped Is the Enemy?
If the best indication of future behavior is past behavior, we have plenty of reason to be alarmed and even more reason to be prepared. Past incidents of targeted malware tools – EternalBlue, DoublePulsar - that fueled attacks like WannaCry, NotPetya, brought tremendous devastation and cost (many billions) around the world. Large enterprises need to understand these same capabilities and much more are in the hands of their adversaries now.
Along with familiar threats, the research team of analysts observed changes in cybercriminal activity. One of the changes is a shift to “platform criminality.” This refers to the scale of crime. Likened to other large business models like Amazon and Uber, Dark Net platforms are a mirror of these models except these are based on malevolent and destructive intent.
Combating the nature of these cybercriminal attacks requires a new approach to defense, one that goes beyond simply detecting threats. These nefarious forms of custom malware avoid detection entirely until it’s far too late. Research shows 60% of vendors selling criminal spying services sought to access at least 10 enterprises. Criminals make repeated and sustained efforts to break into the wealth-filled networks of top Fortune 500 and FTSE 100 companies. Not responding to this known threat puts these assets at great risk.
Ray DeMeo, Co-Founder and COO of Virsec, comments on this shift to platform criminality: “It sounds perverse to say, but the cybercrime business is growing up – becoming more sophisticated, efficient, and compartmentalized. Specialists are focusing on specific pieces of the supply chain, such as password theft, memory attacks, ransomware, and selling personal data in bulk. As part of this, many resources on the Dark Web have become Amazon-like, relying on building ‘good’ reputations with high-quality stolen data. You can literally shop for stolen credit cards, find a very competitive price and get guarantees or credits if a certain percentage don’t work – all for a few Bitcoin. In this context, it’s no surprise that sophisticated hackers are systematically trying to break into top enterprises – they’re following the money.”
Read full Dark Net Hacking Services Post Threat article.
Further resources:
Exporing the Anything Goes world of the Dark Web?
White paper: How The Shadow Brokers Have Permanently Changed The Cybersecurity Landscape
Newsletter: Latest issue