It is no surprise that the world’s largest organisations are the most popular targets for hackers, given the vast amounts of data, intellectual property, and financial information they hold, and a recent study has confirmed that as many as 40 percent of hackers operating in the Dark Web are selling hacking tools that specifically target FTSE 100 or Fortune 500 companies.
That the most sophisticated cyber crime tools used to breach organisations’ IT networks are readily available on the Dark Web was borne out when research carried out by Flashpoint found as many as 35,000 Remote Desktop Protocols (RDPs) on the Dark Web that allowed their owners to connect to computers running Microsoft Terminal Services.
These RDPs were being sold on the Dark Web marketplace Ultimate Anonymity Services and could be used to gain access to remote access servers belonging to hundreds of organisations located all across the world. Flashpoint said that by utilising fraudulently obtained RDP access, hackers have been successful in breaching several hospitality, retail, and online payment services. Compromised RDP servers not only provide direct access to victim networks but can also be used as instruments of anonymity.
A recent study conducted by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by security research firm Bromium, has found that as many as four out of ten cyber criminals operating in Dark Web marketplaces are selling targeted hacking services aimed at FTSE 100 and Fortune 500 companies.
Even though law enforcement authorities in the United States, in Europe and in other regions have been able to shut down a number of large Dark Web marketplaces over the past couple of years, hackers are quick to set up new marketplaces and carry out anonymous transactions, so much so that there has been a 20 percent rise in the number of dark net listings with a direct potential to harm enterprises since 2016.
A large number of cyber criminals, who intend to profit from security weaknesses in enterprise servers holding vast amounts of data, purchase off-the-shelf hacking tools and malware to save themselves from the arduous task of developing malicious code on their own. These novice hackers frequent Dark Web marketplaces to search for the most effective hacking tools at affordable prices.
Huge demand for specialised tools that target networks of Fortune 500 companies
However, the new research has found that custom-built and specialised malware created specifically to target FTSE 100 and Fortune 500 companies outnumber off-the-shelf hacking tools and malware by around two to one. This indicates that today’s hackers are more willing to buy specialised tools to target the largest organisations rather than using cheaper hacking tools to attack servers owned by small and medium-sized firms.
“The dark net has become a veritable candy store for anyone looking to steal IP and corporate data or disrupt business operations. A world once dominated by off-the-shelf malware has been replaced by a service-driven, on-demand economy. Savvy dark net vendors have responded to increased demand for business access and targeting, offering bespoke malware, access to corporate networks, and targeted corporate espionage services,” says Gregory Webb, CEO of Bromium.
“Any business relying solely on detection should be on notice, as custom malware will be unknown to their systems and will be free to pass through undetected to its target. Organisations should adopt a defense in depth security strategy that includes application isolation capabilities to identify and contain threats, as well as the ability to generate in-depth threat telemetry to stop cybercriminals from obtaining persistent footholds in corporate networks,” he adds.
While it is no surprise that more than a third of organisations targeted by hackers using specialised malware and hacking tools obtained from the Dark Web are banks and financial organisations, as many as 20 percent of such attacks are directed at e-commerce firms, 15 percent of attacks target healthcare companies, and 12 percent of them are aimed at breaching networks owned by organisations in the education sector.
Dark Web marketplaces are also offering access to networks owned by a large number of FTSE 100 and Fortune 500 companies, 29 percent of which are banking and finance companies, 24 percent are healthcare firms, 16 percent are ecommerce firms, and 12 percent are organisations in the education sector. The tools on offer are either stolen remote access credentials, backdoor access software, Remote Access Trojans, or keyloggers.
“Organisations need to strengthen their defenses to protect their endpoints and networks against threats posed by the dark net. But the dark net can also help them in gathering intelligence and monitoring threats that are out there.
“Enterprises, researchers, and law enforcement must continue to study the dark net to get a deeper understanding of the adversaries that we are dealing with, and better prepare ourselves for counteracting the effects of a growing cybercrime economy,” says Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey.