Keep these three things in mind when considering a company’s threat picture.
Should you still be worried about the dark web? The short answer is yes. The dark web is active and thriving today. It’s actually busier than ever and still growing thanks in part to the rise of the gig economy. That makes trends in dark web markets an important indicator of the rise and fall of threats that businesses face today and going forward. This deep dive into the shadowy realm of the dark web helps you get a look at the dangers that businesses might face from the dark web right now as well as what a company can do to stay safe from dark web threats in the future..
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
How Significant is the Dark Web These Days?
The dark web is the world’s third-largest economy, and unlike the economy in many places, it is not experiencing any kind of downturn. In fact, it’s growing at an alarming rate. Cybersecurity Ventures estimates that the dark web will inflict about $6 trillion in damages worldwide in 2021, placing the dark web economy just behind the United States and China, the top two world economies. The same experts also see global cybercrime costs growing by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.
The U.S. Federal Bureau of Investigation (FBI) is also sounding the alarm about the precipitous growth that it is seeing in cybercrime, which is responsible for a major chunk of the dark web economy. In its IC3 2021 Internet Crime Report breaks down the bureau reported that its Internet Crime Complaint Center (IC3) received a record number of complaints from U.S. businesses in 2021 – 847,376 reported complaints, a 7% increase from 2020. Those complaints also carried a staggering amount of losses for U.S. businesses. The total amount of loss reported hit a new record high in 2021 of $6.9 billion. That’s a whopping 48% increase over 2020.
Source: FBI IC3
How good is your identity and access management? Use this checklist to see if it’s really getting the job done. GET IT>>
3 Dark Web Dangers for Businesses
Cybercrime is responsible for one of the most significant shifts in economic wealth in history, and the dark web is the marketplace for cybercrime activity. That marketplace is thriving. These dangers have emerged from economic growth on the dark web.
1. The Cybercrime-as-a-Service gig economy
The economic shifts that have caused the rise of the gig economy have brought new prosperity to cybercriminals on the dark web. A major driver of that new prosperity is a booming Cybercrime-as-a-Service (CaaS) market. These days, outsourcing cybercrime is both easy and cheap. Gangs don’t need to keep a wide variety of specialists on the payroll. Instead, they can quickly and affordably hire skilled cybercrime specialists that are selling their services on dark web message boards, Discord servers and Telegram channels.
Most of the requests made on hacker forums are about hacking websites, selling sensitive data, obtaining stolen credentials or gaining access to a corporate resource. Researchers have determined that 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking services, while 69% of posts were looking for website hacking and 21% looking for bad actors who could obtain specifically targeted user or client databases.
2. There is a low barrier to entry into the cyberattack market
Bad actors don’t have to be skilled hackers or programmers to carry out profitable cyberattacks. They can simply buy the software, malware and other tools that they need to facilitate a cyberattack like plug-and-play phishing kits. Phishing-as-a-Service (PhaaS) specialists take care of everything – creating and hosting a phishing site, creating and install a phishing template on the site, configuring the domain and take care of every technical aspect, sending emails to victims and collecting credentials or other desired data from the victims. Some operations also offer packages and monthly subscription programs that enable bad actors to simply pay a monthly fee to have the service conduct regular phishing campaigns and then deliver the buyer the results.
It’s also simple for cybercriminals to get their hands on tools like ransomware and other malware. These nasty tools of cybercrime are available as plug-and-play software complete with a user manual. An estimated 300,000 thousand new pieces of malware are created daily. Malware as a service (MaaS) and it’s offshoot Ransomware-as-a-Service (RaaS) is a business model that offers the usage of ‘pay-and-use’ malware for conducting cybercrime. Of course, it’s also possible to farm out the work of conducting a ransomware attack entirely. The MaaS business model is very attractive because spreading out the work to many people makes it harder for authorities to track down and prosecute individuals or small groups of hackers, allowing gangs to avoid complete shutdowns and if they catch heat from the authorities.
3. Easy access to an ever-rising pool of passwords
Credentials are a hot commodity on the dark web and there is an ever-growing supply. Cybercriminals can quickly get their hands on vast quantities of credentials that have been snatched or stolen in cyberattacks, sometimes without spending a dime. Researchers at Digital Shadows have determined that right now there are 24.6 billion complete username and password sets available on the dark web. That’s a whopping 65% increase since the last time this study was conducted, in 2020 or four complete sets of credentials for every person on Earth. Even more shocking? 6.7 billion of the offerings had a unique pairing of username and password – 1.7 billion more than what researchers found in 2020.
Most of those username and password pairs reached the market through cybercrime, but some do come from a company’s employees selling their access. Access brokers do a booming business, and an employee who wants to sell their valid insider credentials can make a good chunk of change, depending on the privilege level of that credential. Malicious insider actions like selling credentials result in an estimated 25% of data breaches. The more privileged a user credential, the more damage it can cause in the wrong hands. A malicious insider can easily sell their access to interested cybercriminals. An average legitimate corporate network credential sells for around $3,000, and legitimate privileged user credentials can go for as much as $120,000.
Finding the fix for your security & compliance training challenges is easy with our buyer’s guide! GET YOUR GUIDE>>
Protect Your Organization from Dark Web Danger Affordably
Put strong shields in place between your organization and dark web threats with our innovative, affordable solutions.
Security awareness training
CISA recently recommended that companies step up their security awareness training programs to combat the current flood of cyber threats. BullPhish ID is the perfect solution to use to make that happen!
- A huge library of security and compliance training videos with 4 new lessons added a month!
- Choose from plug-and-play or customizable phishing training campaign kits
- Automation makes training painless for everyone
Dark web monitoring
Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. Dark Web ID is the answer.
- 24/7/365 monitoring using real-time, analyst-validated data
- Monitoring of business and personal credentials, including domains, IP addresses and email addresses
- Gain priceless peace of mind about dark web dangers
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!