Dark net malware becomes more targeted
The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties by two to one, according to a new study.
The research from application containment company Bromium also finds four in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.
"The dark net has become a veritable candy store for anyone looking to steal IP and corporate data or disrupt business operations," says Gregory Webb, CEO of Bromium. "A world once dominated by off-the-shelf malware has been replaced by a service-driven, on-demand economy. Savvy dark net vendors have responded to increased demand for business access and targeting, offering bespoke malware, access to corporate networks, and targeted corporate espionage services. Any business relying solely on detection should be on notice, as custom malware will be unknown to their systems and will be free to pass through undetected to its target. Organizations should adopt a defense in depth security strategy that includes application isolation capabilities to identify and contain threats, as well as the ability to generate in-depth threat telemetry to stop cybercriminals from obtaining persistent footholds in corporate networks."
The industries most frequently targeted by malware tools being traded on the dark net are banking (34 percent), ecommerce (20 percent), healthcare (15 percent), and education (12 percent) -- with targeted malware becoming increasingly popular to improve the effectiveness of campaigns.
Phishing also remains a preferred method for infiltrating corporate networks, with dark net vendors offering kits and tutorials to create convincing lures for phishing campaigns using genuine-looking company invoices and documentation.
"Purchasing corporate invoices is easy on the dark net, with prices ranging from $5-$10," says Dr Mike McGuire, senior lecturer in criminology at the University of Surrey. "These documents can be used to defraud organizations or as part of phishing campaigns to trick employees into opening malicious links or email attachments, which deliver malware that triggers a breach or gives hackers a backdoor into corporate networks which could be sold on the dark net."
The full report is available from the Bromium site.