Dark Web Looms Large as Enterprise Threat

New research from the firm Bromium finds dark web listings are booming as operators offer tailored access to enterprise networks.


New research has found that the dark web increasingly is being used to direct cyber crime toward the enterprise, with custom malware and services like access to specific company networks and kits for mounting massive phishing attacks now available for sale on the shadow network for would-be cybercriminals.

A new report, “Behind the Dark Net Black Mirror,” sponsored by security firm Bromium Inc., found that there has been a 20 percent rise since 2016 in the number of dark-web listings with the potential to harm the enterprise, making the secretive online community a better resource for cyber criminals.


Moreover, the research–undertaken by Mike McGuire, senior lecturer in criminology at the University of Surrey–found that 25 to 33 percent of dark web activity now is related to buying and selling corporate data with the purpose of defrauding and disrupting enterprises.

This activity is aimed at damaging businesses in a variety of ways–including depreciation in the value of the data, loss of customer faith, loss of staff morale, a rise in negative perception of the company, and additional expenditure on security to plug gaps where data has been breached, according to the report.

“The report clearly shows that the dark net has become a major threat to the enterprise, and a key enabler of cybercrime,” McGuire told Security Ledger. “The dark net is a veritable candy store for cyber actors looking to breach enterprise networks, steal data and spy on the enterprise, allowing cyber actors to easily arm themselves with the tools and services they need to launch attacks.”


Enterprise in cyber-criminal crosshairs

The dark web has become a hotbed of cyber criminal activity and a flourishing network where cyber criminals gather to share and sell malware and other technology for mounting cybercrimes, as well as to organize coordinated attacks.

The Bromium report now shines new light on how cyber criminals are using the dark web to target enterprises in a more focused and concentrated way.


While previously a forum where cyber actors could buy or sell personally identifiable information, login credentials, financial information and medical records to use them for nefarious purposes, the dark web is now emerging as a marketplace for specific services aimed at creating cyber disruption, stealing data and pilfering funds from enterprises, according to McGuire’s research.

Bromium research found the banking and finance sectors were the most often targeted industries among darknet operators. (Image courtesy of Bromium.)

Findings of the report include evidence that four in 10 dark-web hackers are selling targeted hacking services against FTSE 200 and Fortune 500 businesses. Network-compromise tools and services–including attack tools such as malware, access tools such as trojans, and targeted hacking and espionage services–also are now available on the dark web, all of which pose a high threat to business customers, according to the report.

Malware and access services in particular are popular items for sale, McGuire found. The dark net has become a haven for bespoke malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties two to one, according to his research.

“Almost every vendor is offering tailored versions of malware that makes them more likely to breach enterprise defenses,” Ian Pratt, co-founder and president of Bromium, told Security Ledger.

“The abundance of bespoke malware means that the enterprise is facing a potential wave of tailored threats that can slice through defenses with ease.”

Ian Pratt, Bromium

Moreover, hackers are brazenly selling access to corporate networks on the dark web, with 60 percent of vendors approached as part of the research offering access to more than 10 business networks at a time, he said.

“The report also shines a light on a dedicated market for corporate network access, with vendors offering stolen credentials or remote access trojans,” Pratt said. “For the enterprise, this raises the very real threat that cyber actors could stroll into corporate networks at any time, leaving them free to obtain high-value assets and install further backdoors for future access.”

Retreating into the shadows

To make matters even worse, as cyber criminals using the dark web get more savvy about how to attack the enterprise, they also are getting smarter about how to evade detection by law enforcement, retreating into the shadows to avoid those trying to identify the sources of cybercrime and shut them down, McGuire told us.

“The report also highlights a concerning trend that will make it more difficult to track cybercrime in the future,” he said. “Increased law enforcement activity has forced cybercriminals to become more secretive, with 70 percent inviting us to talk over private, encrypted channels in the invisible net, such as Telegram. This is making it even harder for law enforcement to track dark-net transactions, and helps to cover up plans for future attacks on the enterprise.”

Despite this–or perhaps because of it–it’s more critical than ever for enterprises and law-enforcement officials to work together to neutralize threats from the dark web, McGuire said. Threat intelligence will prove integral to this effort, he said.

“A greater readiness to share intelligence gathered from the dark net with the enterprise will help reduce their susceptibility to certain threats,” McGuire told Security Ledger. “The development of specialized dark-net intelligence units will enhance the capacity of law enforcement to disrupt cybercriminal activity, which increasingly operates across both clear and dark nets–with one often bolstering the other. Tracking these exchanges will help reinforce the task of cybercrime prevention.”

Even without the help of law enforcement, enterprises can take matters into their own hands to secure their systems from criminals using resources from the dark web to attack their networks.

However, the task won’t be easy, Pratt warned. “Cybercriminals always seem to be a step ahead of security efforts, and a growing proliferation of dark-net platforms is making it easier for them,” he said.

To get a leg up on their attackers, enterprises need to begin to better understand the risks posed by threats on the dark web; only then can they hope to combat attackers’ tactics and reduce their impact, Pratt said. This, however, will require a heroic effort by the enterprise to do “a complete rethink on security,” he said.

“There needs to be greater encouragement for the adoption of layered defenses that go beyond detection–only then can law enforcement and the enterprise tip the balance in their favor,” Pratt said. “If we don’t, then we’ll never stem the tide of threats, or the lucrative trade in secrets and business-critical data on the dark net.”
