There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.
For a study by cybersecurity company Bromium and criminologists at the University of Surrey, researchers examined underground forums and interacted with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.
In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.
"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.
"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."
McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.
The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.
Malware and distributed denial of service (DDoS) make up almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common offerings for sale that target enterprises include espionage tools, such as remote-access Trojans and keyloggers.