Let’s do a quick recap of the workings of the Dark Web. You may have heard of it and that it has something to do with hackers and cybercrime, but do you know what it actually is? And why the increased sophistication of its marketplaces should concern you?
The dark web is a part of the world wide web that is not indexed by search engines such as Google and is only accessible through special software. Tor, short for The Onion Browser, improves the privacy of its users and “hides” their often illicit activities.
By allowing users and website operators to remain anonymous or untraceable, the dark web has emerged as a central hub for cybercrime, most notable for its gun and drug trade.
Over time, however, the dark web has become THE marketplace where private information, such as medical files, credit card numbers, social security numbers, emails, and passwords, is being monetized and traded.
Why?
Because personal data is like gold: there’s no end to what someone else can do with it. For example, they could make purchases using your money, use streaming services without paying for them (because they have access), or get free medical care using your social security numbers.
If a cybercriminal manages to access enough data, they can make thousands, or even millions, by selling or trading it on this secret marketplace.
In recent years, law enforcement and other Security Experts have observed a radical change in how cybercriminals monetize and commercialize their data activities.
CcaaS, or Cybercrime as a Service, is an organized business model under which cybercriminals and malware developers sell their services to multiple cybercriminals simultaneously. From ransomware kits to password stealers, malware installation software, and tailored phishing pages with tutorials, the dark web marketplace is thriving as it offers tools that can help anyone pull off cybercrimes, even if they’re not tech-savvy.
There’s still a common misperception that all hackers are highly skilled loners who spend their days hunched over computers in dark basements. In reality, hackers come from all walks of life.
Whatever the reasons for their actions, cybercriminals are human, just like the rest of us, and therefore their spending habits imitate everyone else: they pay their bills, buy food, etc. Also, like the rest of us, they invest their time and money in ways that will help grow their wealth.
And while some hackers do operate independently, many others are part of cybercrime syndicates.
These organizations often recruit novice hackers from countries where poverty is prevalent. For these individuals, hacking is simply a job, a way to earn a living and provide for their families. The syndicates provide them with the tools and support they need to be successful, and in return, they get a cut of the proceeds.
With Cybercrime as a Service, cybercrime has evolved into big business as hacking has become super easy, lucrative, and difficult for law enforcement to trace. All that any (novice) hacker needs is a functioning computer and knowledge of and access to the appropriate dark web marketplaces.
What does the popularity of CcaaS mean for your business?
Statistics show the impact of cybercrime on business: The global cost of cybercrime reached over $2 trillion in 2020. (Juniper Research, 2019). Small businesses lose on average $200,000 per (ransomware) incident due to downtime and recovery costs, with 60% going out of business. (CNBC, 2019).
Fortunately, it is not the sophistication of these attacks that should worry you. CcaaS attacks (if one can call them that) are no different than the ones perpetrated by the criminals who originally developed the malware.
What they are, however, is automated, easy to carry out, and lucrative. Amateurs no longer need access to vast resources or infrastructure to execute an attack. All they need to do is rent some tools from the dark web, and, for a couple of hundred dollars, they’re in business. This easy access and the high success rates of attacks on SMBs is resulting in a noticeable escalation of cybercrime. It’s how the criminal world works: if there’s a way to make money off of something, the bad guys will take advantage of it.
Where before, the high cost of cybercrime (specialist tools, skills, and knowledge) meant that the focus was mostly on high-value targets (Marriot, Target, Yahoo, Equifax, JSB, etc.), we’re now seeing that a full 61% of SMBs experienced a cyberattack during the past year. While not all attacks were successful or damaging, it shows how rampant the issue is.
What can you do to protect your business?
Following basic IT hygiene and cybersecurity best practices remains the most important step organizations can take to protect themselves against cyber-attacks. We recommend:
- Adopting strict password policies
- Patching systems and applications right away
- Implementing appropriate security measures
- Backing up your files, and
- Train, train, train, train yourself and your staff.
These best practices are especially important for organizations that allow employees to perform remote work and that let employees use their own laptops and mobile devices for work.
If you’re not 100% sure that your business defenses can withstand these relentless automated attacks (one every 39 seconds!) and would like a realistic view of cyber protection best practices, call Meeting Tree Computer at (845) 237-2117.
No obligations, no strings attached, just a conversation to help you make the best decisions for the protection of your business.
