Let’s Go Shopping; How ’bout The Dark Web?
If you were to go shopping online but elected to bypass Amazon for the seedier parts of the Internet you might find ads that look like the following;
| For Rent : ATTACK YOUR ENEMIES or anyone. Do you have someone you want to knock off the ‘net? Our service will do it for you. Reasonable rates that get better for long term commitments. 5 minutes at 125 Gbs for €5. 3 hours for as low as $20/hour. Contact us for more details. | For Sale: Need a new identity?We can offer a U.S. green card, passport visa, driver’s license, and insurance card for $2,000. Prefer Canada? We can offer an Ontario driver’s license and Canadian passport for $1,000. Want to be a diplomat? Diplomatic passports from multiple countries for $2,000. |
| Need Money? We can help. ATM cards as low as $100 to $1,000 for accounts with balances ranging from $2,000 to $50,000. | For Sale: Full identities. Due to the latest breaches we have bargain prices on US identities. Australia, Denmark have gone up. Sorry. |
| Need credit? Did the takedown of Alphabay and Hansa curb your cash? We have credit cards available at reasonable prices. | Want to start own your business? Need a zero day? Need some malware? We can provide what you need AND tech support. |
The dark web has a ton of things for sale that are even more sinister but let’s just focus on the lesser of the evils. Some trends in legitimate business include SaaS (Software as a Service), HaaS (Hardware as a Service) and even TSaaS (Tech Support as a Service [I think I just made that up]). These are service providers that can do things for you that you either can’t do or don’t want to do for yourself. When you lack expertise, personnel, or don’t want to make an investment, these providers can help you out.
This same trend is proliferating on the dark web. Where DDoS (distributed denial of service) attacks used to take a certain level of expertise, now you can rent a service to do it for you. Don’t have the programming skills to write ransomware? Buy a kit. The list goes on. What does this mean for you and your business? Attacks will go on and likely increase in the future. The bar for entry into a criminal career in cybercrime is getting lower all the time, which translates into more people trying their hand at cybercrime.
What can you do about it? Unfortunately, we will always be playing catch up with criminals, because as long as someone has the time, new exploits will be found. And they will be weaponized and distributed. If you live in a dangerous neighborhood you learn where not to go, when not to go out, and who to avoid. The internet is a dangerous place. Unfortunately there are no signs to remind you that you are about to enter a bad neighborhood. We all need to realize that and take appropriate precautions.
Just as you can often tell gang members by some outward sign (a particular piece of clothing, tattoos, etc.), there are things to watch out for when on the internet. The usual tipoffs still apply; Is it too good to be true? Are you getting quick money for no effort? Is the email unexpected? Do you know the sender? Basically these and other signs are the mark of social engineering. These attacks are the worst because you have to have a connection to the web. Your employees are on the web all the time, for both business and pleasure. These days you can’t do business without the web. Training to spot the scam is a must. Otherwise you and your employees will be constant victims.
There is also the issue of attacks that do not use social engineering. These are things like poorly configured firewalls and network devices (CCTV cameras and DVRs for example) that can be exploited from the outside. If you don’t know how to set these up properly, you must get some help. You may feel that you cannot afford to hire someone to do a good job, but if you don’t, the cost to your business may be significantly greater because of a breach.
There have been several exploits found in commercial products (hardware and software) that have been patched by the manufacturer. If you have products that are not up to date with security patches, you are just putting out the welcome mat for the bad guys. Patching is a fact of life and one that is ignored at the peril of your security.
Shopping on the dark web can uncover some troubling products and trends. Business owners need to go shopping for protection, training. and qualified help to establish a secure business. The bad guys are spending money to take yours. You need to spend your money to guard what you have.
