Cybersecurity
The battle between light and dark: the dark web and the future of business
How well-developed is the dark web really? Gerard Allison, senior vice president of sales for EMEA at Sophos reveals all.
T
he dark web has become much more developed than most businesses think. It has seen cybercriminals scale up their operations in dark marketplaces where bad actors trade, creating a
tertiary industry with a network of supporting services and well- established, professionalised approaches to cyber operations. The parallels of the dark economy to our own are endless. Similar to that of information technology companies, the cybercrime
ecosystem is shifting to ‘as-a-service’ offerings. As the dark economy evolves to meet the ever-growing demand from cybercriminals, the structures of their operations have developed into established businesses. This raises a number of operational challenges for businesses and poses the question, what does this mean for the future of IT security and can we learn from any dark practices?
The dark economy Criminal marketplaces have made it much easier for entry-level cybercriminals to commoditize malware and malware deployment services, stolen credentials and other data across the dark web. Access brokers use commodity exploits of vulnerable software to gain footholds on hundreds of networks and then sell them on to other criminals, often selling the same exploited access multiple times. This bustling economy is proving to be the perfect breeding ground for
scammers and cyber criminals. Marketplaces on the dark web often have no recourse to law enforcement, due to the (semi) anonymous and clandestine culture surrounding its operations. These spaces are populated by criminals and offer an open market, providing no regulation or quality assurance and most activity is extremely difficult to trace. Ransomware operators use the dark web as their HQ and are using it in
sophisticated ways; both to evade detection, as well as to spread novel techniques. These are then made available online to other cybercriminals – in the same way you’d buy antivirus software. For instance, more and more cybergangs have embraced the use of new programming languages to try and avoid detection, and to make it easier to deploy ransomware under various operating systems or platforms. Diversifying their operation is at the heart of the growth of
ransomware groups. A key area is the increase of leak sites, where these cyber criminals post details of their victims. Traditionally, the model has been fairly simple: if organisations pay, their data isn’t published on the leak site. If they don’t, it is. However, there have been some interesting developments in that space.
34 | April 2023 A prime example of this is the LockBit ransomware group which has been
at the forefront of ransomware innovation. For example, one tactic used by the group is to offer visitors, or the victim, the chance to destroy or purchase the stolen data, or to extend the timer counting down to publication. However, it doesn’t stop there, LockBit 3.0 offers a bug bounty program
to crowd-source testing of its malware and performs market research in the criminal community to improve the group’s operations and services. As a part of its bug bounty program, the ransomware group pays ‘researchers’ to provide Personally Identifying Information (PII) on high-profile individuals as well as web exploits for rewards between $1000 and $1 million. LockBit has also started paying bounties for “brilliant ideas” to improve its ransomware operations. Some businesses are already following suit – offering bounty schemes
to improve their own security stature. Ethical hackers can earn money by helping to improve organisations’ security and identifying vulnerabilities in their software. Increased visibility into these vulnerabilities means patches can be made before they are exploited by cybercriminals, whilst service feedback can be used to optimise user experience and services. However, these marketplaces have quickly become far more than just
places where products and services are advertised. When businesses become successful, organisations invest additional budget and resources into recruiting and retaining the best talent, whether this may be IT support, cybersecurity or any other vital tech position – this is no different for cybercriminals. The dark economy is worth billions and cybercrime and other
underground activity need the same talents and skill sets to that of the above ground economy to remain successful. To lure this talent, cybercriminals not only offer competitive salaries, but groups have even started offering added benefits including flexible working, paid time off and even sick leave. Job offers and recruitment posts become much more common on these platforms, with the biggest dark marketplaces having dedicated help-wanted pages to cater to both those seeking employment and those recruiting staff. This is becoming a concerning aspect of cybercriminal operations and it’s important that the security industry learns from this and continues to invest in the fight for cyber talent. The cybersecurity job market is already seeing a shortage in talent and skilled professionals are in high demand, but as these criminals continue to recruit, it’s vital that businesses continue to attract the skills they need to stay ahead of the competition.
www.pcr-online.biz
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
