Hackers take aim at Fortune 500 companies on the Dark Web

Dark Web listings with the potential to harm the enterprise are up 20% since 2016, according to Bromium.

What is the Dark Web, and why is it so bad if your information is there? Emily Wilson, vice president of research at Terbium Labs, discusses why consumers and professionals should be concerned if their data is leaked on the Dark Web.

Hackers are increasingly turning to Dark Web marketplaces to buy and sell tools to attack businesses, according to a Thursday Bromium report Into the Web of Profit: Behind the Dark Net Black Mirror.

The number of Dark Web listings with the potential to harm the enterprise have risen 20% since 2016, the report found. And four in 10 Dark Web hackers are selling targeted hacking services against FTSE 100 or Fortune 500 businesses.

Threats tailored to specific industries or organizations now outnumber off-the-shelf types by two to one, according to the report. Network compromise tools and services including malware, remote access trojans, and targeted hacking and espionage services were found to pose a high threat level to businesses.

SEE: Dark Web activities: 10 signs that you've been breached (free PDF) (TechRepublic)

Access to corporate networks is also sold openly on the Dark Web, the report found, and 60% of vendors approached in the study were offering access to more than 10 business networks at a time.

"The dark net has become a veritable candy store for anyone looking to steal IP and data or disrupt business operations," Gregory Webb, CEO of Bromium, said in a press release. "A world once dominated by off-the-shelf malware has been replaced by a service-driven economy. Savvy vendors have responded to increased demand for business access and targeting, offering bespoke malware, access to corporate networks, and targeted corporate espionage services."

Malware tools being traded on the Dark Web most frequently target banking (34%), ecommerce (20%), healthcare (15%), and education (12%) industries, according to the report.

"Almost every vendor offered us tailored versions of malware as a way of targeting specific companies or industries," Mike McGuire, senior lecturer in criminology at the University of Surrey and author of the report. "The more targeted the attack then the higher the price, with costs rising even further when it involved high-value targets like banks. The most expensive piece of malware found was designed to target ATMs and retailed for approximately $1,500."

The hacking services targeted at companies in the Fortune 500 or FTSE 100 typically came with service plans for conducting the hack, with prices ranging from $150 to $10,000 depending on which company was targeted, McGuire said in the release.

"Organisations need a much better understanding of the threats posed by the dark net, in particular those posed by custom malware and remote access trojans," McGuire said in the release. "The dark net, however, can be critical in achieving this. Organisations should build capacity to use the dark net for intelligence gathering, monitoring dark net marketplaces for the trade of malware, company or customer data being traded, and for potential brand misuses, such as the sale of invoices or spoof web pages."

For more, check out 5 ways to avoid top malware threats on TechRepublic. 

Also see

Cybersecurity, computer hacker with hoodie

Image: iStockphoto/stevanovicigor

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.