There has been a 20 per cent rise in the dark net listings of malware targeting enterprises, warns a study. The dark net is that part of the Internet which is inaccessible when using standard browsers like Google. The study by cybersecurity company Bromium and researchers at the University of Surrey in Britain found that four in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.
The research provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis from a panel of global industry experts across law enforcement and government.
Furthermore, access to corporate networks is sold openly, with 60 per cent of vendors approached by researchers offering access to more than ten business networks each.
Of the dark net vendors who were engaged, 70 per cent invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement.
More than 40 per cent of attempts by researchers to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from dark net vendors, the study said.
“Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries. The more targeted the attack, the higher the cost, with prices rising even further when it involved high-value targets like banks,” said Mike McGuire, Senior Lecturer in Criminology at the University of Surrey.
“The most expensive piece of malware found was designed to target ATMs and retailed for approximately $1,500,” McGuire said.
These services typically come with service plans for conducting the hack, with prices ranging from $150 to $10,000 depending on the company involved and the extent to which the malware was customised for targeted attacks, said the study.
The research was presented at the InfoSecurity Europe conference in Olympia, London.
