itb-nz logo
Story image

Dark web dangers threaten world's top enterprises

17 Jun 2019

The dark web is now a serious threat to enterprises, with 4 in 10 dark web traders now selling targeted hacking tools and services against Fortune 500 and FTSE 100 businesses.

New research from the University of Surrey, sponsored by Bromium, says that the dark web is home to a variety of bespoke and off-the-shelf tools designed to target the enterprise.

University of Surrey senior lecturer in criminology Dr Mike McGuire and his team talked with cybercriminal vendors across the dark web. They also gathered intelligence and consulted with industry experts to find out how the dark web poses a threat to the enterprise.

The study found that bespoke services most frequently target banking (34%), ecommerce (20%0, healthcare (15%), and education (12%).

“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” says McGuire. 

“The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately US$1,500.”

Researchers also requested hacking tools that targeted high value organisations. Services against Fortune 500 companies and similar can range from $150 to $10,000 – but it depends on the target company and how customised the malware needs to be, explains McGuire.

The study also found:

•    A 20% rise in the number of dark net listings with a direct potential to harm the enterprise since 2016
•    The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organisations outnumbering off-the-shelf varieties 2:1
•    Access to corporate networks is sold openly – 60% of vendors approached by researchers offered access to more than 10 business networks each
•    70% of dark net vendors engaged invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement

Phishing services remain a popular service on the dark web. McGuide says that corporate invoices can range from $5 to $10 on the dark web.

“These documents can be used to defraud organisations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold.”

“Organisations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net,” says McGuire. 

“But the dark net can also help them in gathering intelligence and monitoring threats that are out there. Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy.”

Statistics are taken from Bromium’s Behind the Dark Net Black Mirror study.

Story image
Pure Storage acquires Portworx for $370m, extends Kubernetes services and support
Pure Storage has signed an agreement to acquire Portworx for approximately $370 million in cash, with the aim of extending Kubernetes and containers solutions and support. This deal represents Pure Storage’s largest acquisition to date. More
Story image
Fast track your digital transformation with dynamic security services from Fortinet
Jon McGettigan, Fortinet A/NZ Regional Director, explains how enterprises can speed up their network service delivery programmes by embracing Fortinet’s dynamic security services.More
Link image
Huawei APAC FSI Data Storage Summit: Key takeaways
Missed the action? Catch the Summit on-demand & learn more about the latest trends in data storage.Watch Now
Link image
How to prove to your C-Suite that CX is worth the investment
Regardless of the benefits of customer experience (CX), the C-Suite wants to know how to validate an experience management program. Local CFOs voice their concerns about ROI, tangible value, and financial benefits – how will you make your case?More
Story image
SecOps opens new Cyber Defence Operations Centre in Auckland
Privacy Commissioner John Edwards officially opened the centre this week, recognising SecOps’ efforts to provide managed security services to New Zealand businesses.More
Story image
Rubrik extends AWS partnership with Outposts Ready designation
“Supporting AWS Outposts is a natural fit for Rubrik, as our customers innovate more with AWS. Our SI partners also play an essential role as we work together to help our customers succeed.”More