If you want to destroy a business all you need is about $300, and know where to spend it.
Peter Bailey, head of Cybersecurity at Theta, says on the dark web, a part of the internet only accessible with specialised software, criminal enterprises are becoming increasingly complex, streamlined and professional.
As the global pandemic shifted a large portion of the workforce online, a rush of cyber criminals are taking advantage by attacking online infrastructure, and they are making a lot of money.
In 2021 Cert NZ reported almost $17 million was lost to cyber crime in New Zealand. Global researcher, CyberSecurity Ventures estimates the cyber crime industry to be worth US$10.5 trillion (NZ$16.8 trillion) a year by 2025.
And as the market grows, attacks are becoming far easier for criminal customers to access.
READ MORE:
* Five ways small businesses can evade cybersecurity threats
* Ransomware attacks around the world, including cyber insurance agencies
* Dealing with cyber crime: Some NZ businesses ‘feel they have no choice but to pay’
The idea of a “hacker” has fundamentally changed since the early days of the internet, Bailey says.
In the early days of the internet people thought of a hacker as a lone operator, he says.
But now that serious money is involved, hackers have become a comprehensive and multi-faceted business, with standardised practices, hiring processes and high levels of organisation, he says.
People skilled in coding can build a ransomware programme without mounting an attack themselves, people skilled in marketing sell the product, and people in call centres skilled at persuasion gently walk victims through paying the ransom, he says.
“Over the last five years, these businesses have developed such a high level of automation, that you no longer have to actually understand the software to mount a serious attack on a business,” Bailey says.
Three years ago, Bailey was shocked to see that ransomware could be bought as a service, similar to any other SaaS business.
Ransomware is a popular type of attack in which a victim’s files are held to ransom by malicious software put on the network by a hacker.
Previously if you wanted to take down a business you would need to build the ransomware yourself, a lengthy and specialised business, Bailey says.
Now a cyber criminal can buy a ready-made ransomware programme online for between $200 to $350, he says.
The ransomware is sold on dark web marketplaces, alongside guns, drugs, stolen credit cards, identities and “anything and everything that is illegal”, he says.
These marketplaces look like a “slightly off Trade Me”, he says.
“These places operate very similarly to Trade Me, except they are selling credit cards, passports, medical information. The sellers have a star rating based on user reviews, and can be removed from the site if they sell faulty goods. It is a thriving market that holds users to a certain standard.”
One section of the marketplace sells “toeholds”, which are vulnerabilities in a business that can be used to take over an entire system.
“A toehold is found when a group of hackers focus on a particular company and access what its vulnerabilities are. You can do a lot of it with automated scanning, and bots. From there they sell that information about particular organisations on to hackers who might want to attack that business,” Bailey says.
There are thousands of toeholds for New Zealand devices and businesses available on the dark web.
On one dark web by invitation only marketplace, called Genesis , criminals can buy access to online profiles.
Genesis has thousands of profiles of New Zealand users for sale for between $2 and $70.
A screenshot of one profile sighted by Stuff is linked to hundreds of websites and accounts including Google, Office 365, Trade Me, Paypal and Facebook.
The profiles are collected by bots that are programmed to scrape the log in data off a person’s browser.
There are over 2000 active bots in New Zealand on Genesis. In Australia there are only 1500.
“It is quite concerning that we have more than Australia, but not surprising. Australia has more maturity in the market, more security, and a focus from their Government on Cyber. Unfortunately we are a bit more relaxed,” Bailey says.
It isconcerning to see how much New Zealand information is for sale on the dark web marketplaces, he says.
“Small businesses think they are too small to target … the reality is, if you hold information on anyone, you are a target.”.
To run a ransomware campaign on a business costs US$200 plus the time it takes to run it. If you needed a toehold to get into the company that is an extra US$15 to $20.
So in total it is possible to take down a New Zealand business for as little as US$215, he says.
Cert managing director of incident response Jordan Heersping says activity on the dark web is a lot closer than people think.
“For New Zealand businesses the biggest cyber threats are data leaks or harvested information. These are the primary activities that people need to be aware of,” Speering says.
Even if a business does not plan on entering the dark web, they may be forced to if they fall victim to an attack.
“When businesses get ‘ransomwared’, the payment systems involved often direct people to dark net websites. These attacks start with information on the dark web, but then the payment is also received on the dark web.”
With the amount of money hackers are making, there is little chance the problem will go away any time soon, he says.
“The business models are getting more and more refined. This is all part of making sure they get paid for the work they have done, regardless of the fact the work they have done is a crime.”
© 2022 Stuff Limited
About Author
