- The Washington Times - Thursday, June 6, 2019

Cybercriminals selling computer intrusion tools and hacker-for-hire services on the darknet are increasingly catering to customers hoping to cause harm to corporate enterprises, according to a study released Thursday.

Dr. Michael McGuire, a senior criminology lecturer at the University of Surrey in Guildford, England, reported the finding after his team of researchers spent three months studying and speaking with vendors who advertise on the darknet, an unindexed portion of the internet relatively difficult to monitor.

Darknet listings “that have a potential to cause harm” to a particular enterprise, such as advertisements for targeted malware and corporate data, have increased by 20% since 2016, he wrote in the report.


TOP STORIES
Franklin Graham calls on nation to pray for Trump as impeachment effort gains speed
White House, Trump family slam impeachment witness for 'classless' Barron Trump reference
Joe Biden calls man a 'damn liar' at campaign event after he brings up son Hunter


Forty percent of darknet vendors contacted by the researchers offered hacking services targeting particular Fortune 500 companies, with prices ranging from $150 to $10,000 depending on the potential victim, the report said.

Sixty percent of vendors contacted claimed to be able to sell access to the networks of more than 10 specific businesses, according to the report.



“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries,” Mr. McGuire said. “The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks.”

“It’s a seller’s market for custom malware: Requests for bespoke malware outstrip ‘off the shelf’ versions 2:1, with an increased demand for zero-day, polymorphic malware, and malware tailored to specific industries,” added Gregory Webb, the head of Bromium, a California-based cybersecurity company that underwrote the report. “For organizations, this means the specter of customized threats never seen by detection-based security tools could hit enterprise IT assets at any time, slicing through defenses like a hot knife through butter.”

Authorities in the U.S. and abroad have routinely set their sights on darknet marketplaces where cybercriminals sell illegal goods and services, such as “Wall Street Marketplace,” an underground bazaar where vendors sold hacking tools and hardcore drugs, among other contraband, prior to being dismantled as the result of an international law enforcement operation announced early last month.

The Department of Justice unsealed criminal charges days later against two Israeli nationals accused of running another website, DeepDotWeb, that referred visitors to darknet marketplaces.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

 

Click to Read More and View Comments

Click to Hide