The dark web has made cyber crime accessible even to those with only “rudimentary” IT skills, with malware available to buy for less than $10, around £8.50, a new report by forensic experts Forensic Pathways and security platform HP Wolf Security has found.
The dark web – a group of websites only accessible via special routing software, usually Tor – gives cyber criminals “an anonymous online environment” where they “can collaborate, organise, hone their skills and establish illicit shops”, the report says.
The early hacking subcultures of the 1990s, in which participants would often compete purely for the prestige of demonstrating their technical prowess, have receded and given way to a for-profit free-for-all of “DIY cyber crime” kits and for-sale malware, the report’s authors claim, dramatically lowering the skills level needed to engage in cyber crime.
“Back in the day you had to figure stuff out yourself and show off what you could do technically to be noticed,” said Michael Calce, HP Security Advisory Board chairman and former hacker. “Today, only a small minority of cyber criminals really code – most are just in it for the money, and the barrier to entry is so low that almost anyone can be a threat actor.”
In 2000, Calce, then a young teenager using the pseudonym “MafiaBoy”, launched a series of high-profile denial-of-service attacks against large online companies such as Yahoo, Amazon, Dell and Ebay. Yahoo, then the world’s most popular search engine, was sent offline for an hour. Now working as a security expert, Calce says the monetisation and spread of ransomware is “bad news for business”.
[ See also: How ransomware shut own an English council ]
Many criminals have now shifted from online fraud to data denial and destructive attacks, supercharged by the dark web and aided by the emergence of cryptocurrencies like Bitcoin. These have given hackers new, difficult-to-trace ways of monetising and laundering money from ransomware scams. Cyber crime has followed a trajectory towards “service and platform business models”, the report says, becoming much more efficient and targeted. “The cyber crime economy,” says Mike McGuire, senior lecturer in criminology at the University of Surrey, “has shifted from sole traders to mass production in less than 25 years.”
The cyber crime world has grown very sophisticated, according to the research, with 77 per cent of online marketplaces requiring a vendor bond, or license, to sell, and 92 per cent offering a third-party dispute resolution service. All marketplaces provide Amazon-like review and rating services. More than three-quarters of malware adverts listed cost under $10, the report says.
“Unfortunately, it’s never been easier to be a cyber criminal. Complex attacks previously required serious skills, knowledge and resource. Now the technology and training is available for the price of a gallon of gas. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cyber crime affects us all,” says Alex Holland, senior malware analyst at HP and author of the report.
The National Cyber Security Centre’s 2021 annual report noted that 39 per cent of all UK businesses reported a cyber attack in 2020-21. And private companies aren’t the only victims – in 2020, Hackney council estimated it would cost £10m to recover from a serious breach that affected local service delivery.