Even as cybersecurity experts and researchers declare that the “underground golden age is over” as its top marketplaces are raided or close their doors, the dark web continues to thrive. In fact, Darkode, one of the most well-known hacking forums and black markets, recently reopened. And what are some of the most common wares at these underground markets? Organizational data, and the tools needed to get more. As long as the dark web exists, organizations must learn more about the threat it poses, and how to protect themselves.
A One Stop Shop for Cyber Attack Tools
There are any number of ways attackers can use the dark web to find what they need to attack an organization. One of the most common items is ransomware, which has become worryingly affordable. For less than $1000, anyone can buy a malware strain that can be used again and again. While individuals are frequently ransomed, organizations are naturally a much more lucrative target. In fact, sophisticated, hands-on ransomware continues to target large organizations, but with a new trick: threatening to release breached files if the ransom isn’t paid. This has led to skyrocketing ransom costs for organizations, with the average payment per incident going from around $13,000 in the first quarter of 2019 to $111,605 in the first quarter of 2020.
The marketplace isn’t limited to digital purchases. Interested parties can also buy physical means of attack like credit card skimmers or USB drives loaded with malware. Recently, a former student managed to destroy 59 computers at a small college in New York in a single evening using a “USB Killer,” a USB thumb drive that discharges electrical current to fry any device to which it is connected. Though the “USB Killer” is shockingly legal to buy, it and similar items are also available on the dark web to those who don’t want their purchases to be tracked. Such physical items would be particularly effective in the hands of a malicious insider who has access to workstations and servers.
The dark web is also a refuge for those who are inexperienced in digital attacks. Thousands of fraud guides are available to those eager to learn more about different types of attacks like phishing, brute force, or even simple account takeovers. These guides are incredibly cheap, typically costing only five to ten dollars. Hacking services are also readily available. The recently reopened Darkode, mentioned earlier, specializes in customized hacking jobs, as well as providing simpler services like renting a botnet to mount a DDoS attack.
An Underground Marketplace to Sell Your Breach Bounty
The goal for many types of malware is breaching systems to steal data. Attackers can use stolen credentials themselves to commit identity fraud. However, oftentimes these breaches are so large that the amount of data stolen is more than an individual could use in a lifetime. Selling these credentials is even more lucrative than using the data for themselves. The dark web is the most natural and best place to sell these records. A hacker known as Gnosticsplayers has posted hundreds of millions of accounts for sale on the dark web, earning thousands of dollars in bitcoin.
Usernames and passwords are far from the only thing for sale. The dark web has someone’s entire identity for sale, from social security numbers to bank account numbers. For example, old tax returns stolen from accounting and legal firms are readily available for next to nothing. An old W2 can cost a few dollars or less, and makes it possible to file fraudulent returns, open accounts, and commit other identity scams.
Stolen information isn’t limited to human identities, either. Hackers are now trafficking in digital trust and machine identities as well, selling data like SSL and TLS certificates, which can be used to commit a number of different types of attacks. The more types of data come up for sale, the less confidence organizations and users can have in the security of the internet at large.
No data breach is pretty: lost files can open you up to suits from injured parties, as well as fines due to relevant industry or regional compliance requirements. The cost of a data breach has risen alongside the cost of a ransom payout, with an average estimated at $3.92 million by IBM.
Not for Sale: Keeping Data Off the Dark Marketplace
With seemingly endless ways to perpetrate attacks, and a ready-made spot to sell the bounty of these attacks, it’s easy to feel daunted at the prospect of how to put up defenses. However, there are plenty of ways for your organization to prevent or remediate any threats from the dark web.
Just as you keep locks on every door and window to your house, so too should you protect every endpoint in your organization:
- While antivirus on workstations is routine, a high priority should also be placed on server-specific, native antivirus for your servers, which are the key data storage areas that attackers and threat actors are eager to exploit.
- As IoT (Internet of Things) devices become commonplace in the office, it’s critical to put in place preventative security specific to such devices. Advanced threat detection solutions are the best way to find out if any IoT device, be it tablet or MRI machine, is infected with malware or being used for malicious purposes.
- Data movement and file transfers are key to any organization, and your files should be safeguarded both during transfer and at rest. Using a secure managed file transfer (MFT) solution ensures that your files make it from one location to the next, unadulterated and secure.
Insider threats should also be strongly considered when evaluating solutions. Insiders naturally have more access to data, and a simple purchase from the dark web could devastate an organization without proper monitoring and controls. Security solutions that enforce least privilege and detect anomalies within an organization can help defend against insider threats.
Monitoring can be provided by SIEM solutions, which filter numerous data sources and provide helpful insights through normalization and correlation. They can also identify suspicious behavior inside and outside of your organization through real-time updates, threat prioritization, and reducing the number of interfaces in need of monitoring.
Control can be achieved with identity and access management (IAM) solutions, which enable a robust approach to managing and governing access by applying the principle of least privilege: granting users only the access they need, when and how they need it. Employees require some access to complete their job, but not universal access, which can be all too tempting to exploit.
Poor cybersecurity strategies can also be improved by safeguarding your sensitive files. GoAnywhere MFT goes beyond merely protecting your files in motion and at rest. Some key features that can help avoid a data breach include:
- File encryption for sensitive data, and key managers that allow you to create, import, export, and manage your keys and certificates from a central location.
- File transfer automation, reducing or eliminating user errors and manual processes.
- Auditing and reporting, to get a bird's-eye view of file transfer and user activity. Within GoAnywhere, that information is stored and is easily searchable. Plus, built-in reports and audit logs can be pulled or scheduled regularly.
Finally, what better way to prevent being attacked than by thinking like the attackers? Penetration tests utilize ethical hacking to safely exploit security vulnerabilities, providing organizations insight and enabling remediation before an attack ever takes place. Regular penetration testing keeps organizations up to date on the latest strategies and tactics used by threat actors and the tools they provide on the dark web. Threat actors thrive in environments where individuals and organizations remain ignorant, hoping that their fear will overwhelm them into inaction. Staying vigilant and being proactive about building a strong security portfolio to set up barriers to your data is the best way to keep your information safe in your databases, and off the dark web.