In recent years, Armor’s Threat Resistance Unit (TRU) has been scouring underground hacker markets and forums to discover the cybercrime-enabling products and services that are traded there.
The results of this work have been published annually in its Dark Market series of reports, which has charted the rapid rise of cybercrime as a service. As the authors of the most recent edition note, it seems that, much like digital enterprises themselves, “the cybercriminals participating in these businesses are resilient, innovative, and agile.”
This work offers a window for enterprise tech leaders into hackers’ threats, tactics and procedures — vital intelligence for building defenses. Here, we share three alarming new threats on the dark web uncovered by Armor’s 2020 Dark Market Report: The New Economy. We also pass along some cybersecurity protection recommendations for IT and security teams.
Three alarming new threats on the dark web
#1 Business fullz
Business fullz are packets of information containing everything a criminal needs to impersonate corporate officers. For between $35 and $65, one dark market vendor offers business fullz containing a corporate officer’s credit score, a background report, Social Security Number (SSN), full name and birthday, certificate of business, bank account numbers and Employer Identification Number (EIN)/Tax Identification Number.
#2 Destroy a business as a service
The TRU team was alarmed to discover a dark web vendor offering to “destroy an individual’s business” by inundating them with spam emails and phone calls, shipping unwanted items to their business and including their phone number in advertisements. All for just $185.
#3 Hacker University
Video tutorials and instruction guides on how to commit an array of different kinds of cybercrime are nothing new. However, one criminal group has established what they’re calling “Hacker University.” For $125, to be paid in Bitcoin or Monero, “students” can access courses on everything from operational security and Wi-Fi hacking to network attacks and carding.
Constant vigilance is recommended for IT and security teams
Businesses should brace themselves for a sustained uptick in cybercriminal activity. As economic uncertainty pervades, and the ongoing global pandemic provides the ultimate cover of chaos under which to operate, hackers have become and will remain more emboldened than ever. And they’ll be further buoyed by high-profile stories of successful cyberattacks.
Here’s how IT and security teams should respond:
- Continuously train employees on how to identify suspicious activity, especially phishing attempts.
- Find, classify and protect your most sensitive data (particularly information covered by compliance regulations such as PCI-DSS and HIPAA). Data security methods span on-premises and cloud environments and include encryption, masking, tokenization, erasure, authentication, access control, backup and recovery, and data resilience.
- Deploy patches as promptly as possible to shorten the vulnerability window. Most of the major data breaches of the last two decades that were not related to zero-day exploits happened because someone failed to apply a critical patch within a reasonable time. Many recent breaches occurred because patches had been ignored for years.
- Employ data encryption to protect sensitive data, both in transit and at rest.
- Monitor cloud usage, manage access to cloud services and secure any data or applications you migrate.
- Build a shield around your environment with firewalls, anti-malware software, and intrusion detection and prevention systems.
- Provide an extra layer of security for your most critical systems by implementing multi-factor authentication.
- Maintain backups of data that are air-gapped from the internet, and ensure all critical data, applications and application platforms are backed up and password-protected.
- Apply a Zero Trust approach to everything — including people, devices, code and solutions.
To address vulnerabilities at Rackspace Technology, we proactively monitor the dark web through our vendor for any mentions of Rackspace Technology and our customers. In addition to this, we can see what vulnerabilities, services, applications and/or industries certain threat actors are leveraging and targeting.
The CTI team uses this information to create a threat landscape for Rackspace Technology and our customers depending on which industry vertical they reside in. By doing so, we assist security analysts in their hunting and monitoring, supporting a proactive approach to security operations.
Some key takeaways
As the report notes, “it is more important than ever for organizations and individuals to implement proven and comprehensive security practices.” And like cloud transformation, security isn’t a “one and done” activity. Every new day means a new fight, so constant and sustained vigilance is paramount.
We recommend adopting a similar approach to our own, which involves working with a third party to do periodic reviews on your company’s threat landscape. And keep investing in your employees by providing learning and development opportunities and ongoing education on current and evolving threats.
CTI recommends continuing with regular patching schedules for enterprise software and applications, such as those from Microsoft, Adobe and other popular vendors, while expediting patching for business-critical vulnerabilities. In addition, reviewing logs and performing hunts within environments for anomalies are necessary security practices that should be conducted regularly.
As companies continue working remotely and under different stressors, issues may go unnoticed and result in security problems that leave the company exposed. Proactive vulnerability management can help mitigate some of these risks and add layers of defense through PDR services and other Rackspace enterprise solutions. Companies should also increase vigilance during crises and other major current events, as adversaries are often keen to capitalize on newsworthy events to ensnare victims via phishing or website compromises.