Experts Say Dark Web Helped Cybercrime Services Industry Grow

News

For years, the dark web has provided an anonymised haven for cybercriminals to hone their skills, giving rise to highly competitive illicit marketplaces where malicious actors stake their reputation on the quality of their malware services.

July 29, 2022

A recent report by cybersecurity firm HP Wolf, in collaboration with threat intelligence platform Forensic Pathways, found that virtually all darknet marketplaces allow buyers and sellers of malware services to leave reviews -- with at least 92% also offering dispute resolution for dissatisfied customers.

While custom cyberattacks can cost anywhere between US$1,000 and $4,000, the study reveals that at least three quarters of regular malware adverts are listed at under $10.

Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace, told OCCRP on Thursday that this trend speaks to broader patterns in the evolution of malicious cyber activity, with government-backed actors no longer necessarily being the most prominent players in this area.

“I view it as a manifestation of an evolving marketplace -- the continuing shift away from nation-state monopolies over sophisticated [attack methods] and bespoke [cyber] campaigns,” he said.

The explosive growth of so-called “malware-as-a-service” in recent years has led to the “democratization” of cybercriminal activity, allowing “even people with rudimentary IT skills… to launch cyberattacks at targets of their choosing,” according to HP Wolf’s report.

Wilde adds that the growing market for these services not only “levels the playing field” for illicit actors who may not previously have looked to cybercrime as a revenue stream.

It also increases opportunities for hostile nations to hide behind criminal groups as proxies for conducting cyber-offensives and intelligence-gathering operations against enemy states.

HP Wolf and Forensic Pathways’ study echoes concerns raised in another report by CheckPoint Security, released earlier this month, which described “today’s ransomware economy as a complex operation extorting millions of dollars per ransom, holding entire organizations captive under the threat of total system shutdown.”

CheckPoint Security also found that cyberattacks had increased at an average of 50% across different sectors since its last annual report. Educational and research institutions led the tables as the worst affected industry, closely followed by government and military organizations, communications services, internet service providers, and healthcare.

Though a number of high-profile enforcement actions around the world “have managed to put a noticeable dent in the ransomware ecosystem” over the past year, the firm warned that the exceptionally lucrative nature of the market likely means that it will only continue to grow.

Sergey Shykevich, a threat intelligence manager at Checkpoint Security, told OCCRP that the change to working practices as a result of the COVID-19 emergency will also help accelerate demand for these types of services.

“Many of the norms that entered our lives during the pandemic are here to stay, and those increase the attack surface for cybercriminals,” he said.

Shykevich recommended that defenders against cybercriminal threats ought to invest not only in effective safeguards against emerging attack methods, but also in raising awareness of best defense practices.

Cooperation between law enforcement and the private sector, too, will prove essential in safeguarding individuals and organizations as cybercriminal marketplaces continue to prosper and grow.

“Each side has its own strengths, but to battle such robust threats there must be good cooperation and information sharing between the sectors,” he said.