Cyber attack: Dark Web-listing of malware designed to target top companies is on rise


A collaborated research conducted by a cybersecurity company Bromium and the University of Surrey in Britain has revealed that there has been a 20 percent rise in the dark-web listings in malware targeting enterprises.

The researchers have found that four in 10 dark-net vendors are distributing targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.

This study has provided details of first-hand intelligence, which was gathered from covert discussions with dark-net vendors, as well as the analysis from a panel of global industry experts across law enforcement and government.

It also revealed that the corporate network access details are sold openly, with 60 percent of dark-web vendors approached by researchers offering access to more than 10 business networks each. Among the engaged vendors, almost 70 per cent invited researchers to talk on encrypted messaging applications, like Telegram, to take conversations beyond the reach of law enforcement.

The team discovered that over 40 percent of attempts by the researchers to request dark-net hacking services, targeting business enterprises in the Fortune 500 or FTSE 100, received positive responses from such vendors.

As per Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, almost every dark-net vendor offered the team of researchers "tailored versions of malware as a way of targeting specific companies or industries."

In addition, he also mentioned that more targetted attacks include more money "with prices rising even further when it involved high-value targets like banks."

McGuire said that the most expensive malware found was designed to attack ATMs and retailed for almost $1,500.

It should be noted that these services come with service plans for conducting the attack and it includes a price range, starting from $150 to $10,000, which depends on the company involved and the customised malware for a different type of hacking.

This study was presented at the InfoSecurity Europe conference in Olympia, London.