Should you still be worried about the dark web? The short answer is yes. The dark web is active and thriving today. It’s actually busier than ever and still growing thanks in part to the rise of the gig economy.
How Significant is the Dark Web These Days?
The dark web is the world’s third-largest economy, and unlike the economy in many places, it is not experiencing any kind of downturn. In fact, it’s growing at an alarming rate. Cybersecurity Ventures estimates that the dark web will inflict about $6 trillion in damages worldwide in 2021, placing the dark web economy just behind the United States and China, the top two world economies. The same experts also see global cybercrime costs growing by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.
The U.S. Federal Bureau of Investigation (FBI) is also sounding the alarm about the precipitous growth that it is seeing in cybercrime, which is responsible for a major chunk of the dark web economy. In its IC3 2021 Internet Crime Report breaks down the bureau reported that its Internet Crime Complaint Center (IC3) received a record number of complaints from U.S. businesses in 2021 – 847,376 reported complaints, a 7% increase from 2020. Those complaints also carried a staggering amount of losses for U.S. businesses. The total amount of loss reported hit a new record high in 2021 of $6.9 billion. That’s a whopping 48% increase over 2020.
Cybercrime is responsible for one of the most significant shifts in economic wealth in history, and the dark web is the marketplace for cybercrime activity. That marketplace is thriving. These dangers have emerged from economic growth on the dark web.
Three Growing Dark Web Dangers
#1 The Cybercrime-as-a-Service gig economy
The economic shifts that have caused the rise of the gig economy have brought new prosperity to cybercriminals on the dark web. A major driver of that new prosperity is a booming Cybercrime-as-a-Service (CaaS) market. These days, outsourcing cybercrime is both easy and cheap. Gangs don’t need to keep a wide variety of specialists on the payroll. Instead, they can quickly and affordably hire skilled cybercrime specialists that are selling their services on dark web message boards, Discord servers and Telegram channels.
Most of the requests made on hacker forums are about hacking websites, selling sensitive data, obtaining stolen credentials or gaining access to a corporate resource. Researchers have determined that 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking services, while 69% of posts were looking for website hacking and 21% looking for bad actors who could obtain specifically targeted user or client databases.
#2 There is a low barrier to entry into the cyberattack market
Bad actors don’t have to be skilled hackers or programmers to carry out profitable cyberattacks. They can simply buy the software, malware and other tools that they need to facilitate a cyberattack like plug-and-play phishing kits. Phishing-as-a-Service (PhaaS) specialists take care of everything – creating and hosting a phishing site, creating and installing a phishing template on the site, configuring the domain and take care of every technical aspect, sending emails to victims and collecting credentials or other desired data from the victims. Some operations also offer packages and monthly subscription programs that enable bad actors to simply pay a monthly fee to have the service conduct regular phishing campaigns and then deliver the buyer the results.
It’s also simple for cybercriminals to get their hands on tools like ransomware and other malware. These nasty tools of cybercrime are available as plug-and-play software complete with a user manual. An estimated 300,000 new pieces of malware are created daily. Malware as a service (MaaS) – and it’s offshoot Ransomware-as-a-Service (RaaS) – is a business model that offers the usage of ‘pay-and-use’ malware for conducting cybercrime. Of course, it’s also possible to farm out the work of conducting a ransomware attack entirely. The MaaS business model is very attractive because spreading out the work to many people makes it harder for authorities to track down and prosecute individuals or small groups of hackers, allowing gangs to avoid complete shutdowns and if they catch heat from the authorities.
#3 Easy access to an ever-rising pool of passwords
Credentials are a hot commodity on the dark web and there is an ever-growing supply. Cybercriminals can quickly get their hands on vast quantities of credentials that have been snatched or stolen in cyberattacks, sometimes without spending a dime. Researchers at Digital Shadows have determined that right now there are 24.6 billion complete username and password sets available on the dark web. That’s a whopping 65% increase since the last time this study was conducted, in 2020 or four complete sets of credentials for every person on Earth. Even more shocking? 6.7 billion of the offerings had a unique pairing of username and password – 1.7 billion more than what researchers found in 2020.
Most of those username and password pairs reached the market through cybercrime, but some do come from a company’s employees selling their access. Access brokers do a booming business, and an employee who wants to sell their valid insider credentials can make a good chunk of change, depending on the privilege level of that credential. Malicious insider actions like selling credentials result in an estimated 25% of data breaches. The more privileged a user credential, the more damage it can cause in the wrong hands. A malicious insider can easily sell their access to interested cybercriminals. An average legitimate corporate network credential sells for around $3,000, and legitimate privileged user credentials can go for as much as $120,000.
Put strong shields in place between your organization and dark web threats with our innovative, affordable solutions. Give us a call. We can help!
Article courtesy Kaseya