Hackers use sophisticated tools to steal login credentials, harvest customers’ data and inject malware. However, despite their sophistication, these tools have been alarmingly easy to access for cybercriminals – even those with limited hacking skills and limited access to funds. Visit the dark web, and you’ll find full-scale, packaged attack methods on sale for as little as a few dollars.
Mike McGuire, a senior lecturer of criminology at the University of Surrey in England, and Bromium, a cybersecurity vendor, recently reviewed several notorious marketplaces for hacking tools on the dark web. Although law enforcement often cracks down on several hotbeds for illicit activity – primarily marketplaces for illegal drugs – these researchers have discovered that sites distributing malware products and stolen data remain operational.
McGuire and his research partners uncovered more than 60 vendors offering stolen credentials, providing access to multiple business networks. Companies in the financial services industry topped the list of most frequent targets, at 34%. Organizations in e-commerce (20%), healthcare (12%) and education (10%) followed. Intercepted communications and trade secrets also appeared among the listings of data offered on the dark web.
Among the tailored malware products for sale, researchers found kits for bypassing firewalls and opening remote connections to corporate systems. Hackers-for-hire also appeared in the listings, for those wishing to commission an attack. The price for these services ranged from $1,000 to $15,000.
That said, bargain hunters could find “stolen remove access credentials that are for sale for as little as $2,” McGuire said in a statement.
Ultimately, the McGuire/Bromium report demonstrates that those looking to target organizations in cybercriminal attacks still have ready (and sometimes cheap) access to the services, tools and information they need. Companies need to take precautions and understand the threats that can originate from dark web sources before they have the chance to strike.
Lunarline can help companies of any size take action to stay a step ahead of cybercriminals on the dark web. Through our Managed Active Response Services (MARS) team, we offer complete dark web surveillance, operated by industry veterans who know how to navigate the shadowy regions of the internet and uncover any threats that may surface there.
For more information on dark web surveillance, or any of the services we provide, contact us online today.