- The Washington Times - Thursday, June 6, 2019

Cybercriminals selling computer intrusion tools and hacker-for-hire services on the darknet are increasingly catering to customers hoping to cause harm to corporate enterprises, according to a study released Thursday.

Dr. Michael McGuire, a senior criminology lecturer at the University of Surrey in Guildford, England, reported the finding after his team of researchers spent three months studying and speaking with vendors who advertise on the darknet, an unindexed portion of the internet relatively difficult to monitor.

Darknet listings “that have a potential to cause harm” to a particular enterprise, such as advertisements for targeted malware and corporate data, have increased by 20% since 2016, he wrote in the report.

Forty percent of darknet vendors contacted by the researchers offered hacking services targeting particular Fortune 500 companies, with prices ranging from $150 to $10,000 depending on the potential victim, the report said.

Sixty percent of vendors contacted claimed to be able to sell access to the networks of more than 10 specific businesses, according to the report.



“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” Mr. McGuire said. “The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks.”

“It’s a seller’s market for custom malware: Requests for bespoke malware outstrip ‘off the shelf’ versions 2:1, with an increased demand for zero-day, polymorphic malware, and malware tailored to specific industries,” added Gregory Webb, the head of Bromium, a California-based cybersecurity company that underwrote the report. “For organizations, this means the specter of customized threats never seen by detection-based security tools could hit enterprise IT assets at any time, slicing through defenses like a hot knife through butter.”

Authorities in the U.S. and abroad have routinely set their sights on darknet marketplaces where cybercriminals sell illegal goods and services, such as “Wall Street Marketplace,” an underground bazaar where vendors sold hacking tools and hardcore drugs, among other contraband, prior to being dismantled as the result of an international law enforcement operation announced early last month.

The Department of Justice unsealed criminal charges days later against two Israeli nationals accused of running another website, DeepDotWeb, that referred visitors to darknet marketplaces.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide