A new study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government.
Network compromise tools and services on the dark net
- 4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses
- A 20% rise since 2016 in the number of dark net listings with direct potential to harm the enterprise
- The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties 2:1
- Access to corporate networks is sold openly – 60% of vendors approached by researchers offered access to more than ten business networks each
- 70% of the dark net vendors that researchers engaged invited them to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement
“The dark net has become a veritable candy store for anyone looking to steal IP and corporate data or disrupt business operations,” commented Gregory Webb, CEO of Bromium. “A world once dominated by off-the-shelf malware has been replaced by a service-driven, on-demand economy. Savvy dark net vendors have responded to increased demand for business access and targeting, offering bespoke malware, access to corporate networks, and targeted corporate espionage services. Any business relying solely on detection should be on notice, as custom malware will be unknown to their systems and will be free to pass through undetected to its target. Organizations should adopt a defense in depth security strategy that includes application isolation capabilities to identify and contain threats, as well as the ability to generate in-depth threat telemetry to stop cybercriminals from obtaining persistent footholds in corporate networks.”
Bespoke services in vogue
The industries most frequently targeted by malware tools being traded on the dark net are banking (34%), ecommerce (20%), healthcare (15%), and education (12%) – with targeted malware becoming increasingly popular to improve the effectiveness of campaigns.
“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” said Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey. “The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately $1,500.”
More than 40% of attempts by researchers to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from dark net vendors. “These services typically come with service plans for conducting the hack, with prices ranging from $150 to $10,000 depending on the company involved and the extent to which the malware was customized for targeted attacks,” Dr. McGuire explained.
Targeted access and phishing
Within every dark net market that researchers examined, vendors offered access to a diverse range of business networks, with banking and finance (29%), healthcare (24%), ecommerce (16%), and education (12%) corporate networks being the most common. “The methods for providing access varied considerably,” Dr. McGuire explains. “Some involved stolen remote access credentials that are for sale for as little as $2, others involve backdoor access or the use of malware. Illicit remote access tools appear to be most popular – we were offered Remote Access Trojans at least five times more often than keyloggers.”
Financial attack tools on the dark net
Phishing also remains a preferred method for infiltrating corporate networks, with dark net vendors offering kits and tutorials to create convincing lures for phishing campaigns using genuine-looking company invoices and documentation.
“Purchasing corporate invoices is easy on the dark net, with prices ranging from $5-$10,” continues Dr. McGuire. “These documents can be used to defraud organizations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold on the dark net.”
“Organizations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net,” Dr. McGuire concludes. “But the dark net can also help them in gathering intelligence and monitoring threats that are out there. Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy.”