cybercrime photo

4 Dark Web Threats Businesses Need to Watch

The dark web is constantly evolving to present a thorny ticket of hazards for businesses. The point of origin for many of today’s most nasty and damaging cyberattacks, the dark web is the world’s third-largest economy and unlike many of the world’s industries, constantly growing. Dark web threats Cybersecurity Ventures predicts that global cybercrime costs will grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. That’s good news for cybercriminals and bad news for businesses. Dark web threats abound, endangering businesses from a myriad of vectors. These four dangers are just a few of the hazards that businesses face from today’s bustling dark web.

Cybercrime-as-a-Service is a growth industry & the top dark web threat
The Cybercrime-as-a-Service gig economy is the main driver of economic growth on the dark web and it is getting bigger every year. The growth of that industry is the biggest dark web threat that businesses face today. Cybercrime specialists typically sell their goods and services on dark web message boards, Discord servers and Telegram channels, and are generally paid in cryptocurrency. An estimated 90% of posts on popular dark web forums are from buyers looking to contract someone for cybercrime services. Now this industry is experiencing even more explosive growth thanks to the success that AI tools like Chat GPT and GPT-3 bring to the table, especially for phishing scams.

Malware-as-a-Service or Ransomware-as-a-Service
Malware-as-a-Service (MaaS), or its offshoot Ransomware-as-a-Service (RaaS), is a thriving sector of the dark web service economy. This type of operation offers pay-and-use malware for conducting cybercrime. Think of it as bad actors adopting the Software-as-a-Service revenue model. Malware authors develop and maintain software for prospective customers, much like any other software company. And like any other business, hiring specialists and service providers often makes good business sense for major cybercrime groups and nation-state threat actors. It is estimated that 300,000 new pieces of malware are created daily.

According to Microsoft researchers, a Phishing-as-a-Service (PhaaS) group’s subscription prices depend on a host of factors, but in general, the service can cost about $800 per month. Many of these operators offer what amounts to a one-stop shop for phishing, with phishing kits available for as little as $30. These groups feature everything from DIY kits to full-service contracting. It’s easy and cheap for a cybercrime group to hire a PhaaS practitioner who will take care of everything — build and host a phishing site, create and install a phishing template on the site, configure the domain and take care of every technical aspect, send emails to victims and collect credentials or other desired data.

Cybercrime affiliations
Cybercrime gangs are a major dark web threat. Most ransomware gangs recruit affiliates to conduct the actual attacks. In a common affiliate relationship scenario, the boss gang provides the affiliates with the proprietary malware used in the incident and access to specialized resources if needed. The affiliates typically handle the day-to-day business of the attack, sometimes turning the operation over to the boss gang when it’s time to negotiate the ransom. Affiliates are generally on the hook to pay the gang that recruits them an estimated 10% to 25% of the total take. Interestingly, many gangs operate formalized affiliate programs with terms and conditions that affiliates must abide by, like not attacking children’s hospitals, and they’ll disavow affiliates that break those rules quickly.

3 More Big Dark Web Threats

Cybercriminals are interested in many things to power their operations, like these three dark web threats.

Stolen credentials
One of the biggest dark web threats to businesses is credential compromise. Initial access brokers specialize in selling credentials that unlock the door to companies. Sometimes they gain those credentials from malicious insiders or former employees. In other cases, bad actors buy or obtain huge lists of credentials stolen in other breaches. They are often used in credential stuffing attacks — a cyberattack in which bad actors pelt a company’s defenses with thousands of credentials quickly in the hope that someone at that company has recycled a compromised password. There are more than 24.6 billion complete sets of usernames and passwords in circulation on the dark web, which is four full sets of credentials for every person on Earth.

Insecure operational technology or industrial control systems
Bad actors are hungry for information about business’ operational technology (OT) or industrial control systems. Every time that type of data falls into their hands, it makes it easier for them to conduct cyberattacks against infrastructure and manufacturing targets. Nation-state threat actors are interested in this data for their own purposes. Mandiant analysts discovered that one in seven cyberattacks gives the bad guys access to sensitive information about a business’s operation technology or industrial control systems.

Malicious insiders
It may not seem like it at first glance, but malicious insiders are a major dark web threat. When an employee wants to harm their employer or make money fast, the dark web is one of the first places they turn. Malicious insiders have many profitable options on the dark web, including selling their legitimate credentials or peddling their company’s proprietary data, customer lists or intellectual property. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches.

What You Can Do 

Every business needs to be aware of these dark web threats and actively attempt to prevent the threats from becoming a reality. Persistent and consistent employee training, including phishing simulations, is an excellent defense.

Contact us to learn more about employee training and cybercrime prevention steps you can take today!

Article courtesy Kaseya