Dark web analysis shows high demand for hackers
Positive Technologies’ experts have analyzed the ten most active forums on the dark web, which offer services for hacking websites, buying and selling databases, and accessing web resources.
The research found that in the vast majority of cases on these forums, most individuals are looking for a hacker, and in 7 out of 10 ads, their main goal is to gain access to a web resource.
The research discovered that in 90% of cases, users of dark web forums will search for hackers who can provide them with access to a particular resource or who can download a user database.
Only seven percent of forum messages analyzed included individuals offering to hack websites. The remaining three percent of the messages analysed were aimed at promoting hacking tools, programs and finding like-minded people to share hacking experience.
Positive Technologies analyst, Yana Yurakova said: “Since March 2020, we have noticed a surge of interest in website hacking, which is seen by the increase in the number of ads on forums on the dark web. This may have been caused by an increase in the number of companies available via the internet, which was triggered by the COVID-19 pandemic.
“As a result of this, organizations that previously worked offline were forced to go online in order to maintain their customers and profits, and cybercriminals, naturally, took advantage of this situation.”
Gaining access to a web resource
According to the research, 69% of ad inquiries were related to website hacking, where the main goal was to gain access to a web resource. Not only does this show that attackers can steal sensitive information, but they can also sell access to web applications to so-called fences.
Inquiries aimed at obtaining user or client databases from a targeted resource ranked second in popularity with 21% of all ads seen. Competitors and spammers who collect lists of addresses for targeted phishing attacks aimed at a specific audience are primarily interested in acquiring this type of information. The research shows that custom databases such as these can cost up to $20,000.
Additionally, people on dark web forums also look for hackers who can place malware on a web resource or ones who can hack a website in order to delete particular data located on it, seen in four percent and three percent of ads respectively.
Among the various options of purchasing and selling hacking services and website access, there is a consistently high demand for access to online store sites, with prices ranging between $50 and $2,000.
Experts say this is very popular due to the fact that when paying for goods, users enter their credit card details. Thus, attackers have opportunities to inject malicious JavaScript code into these websites to intercept the information entered by the user and use it for their personal gain.
Attackers obtaining privileged access to online stores
Another way attackers cash in on users is by obtaining privileged access to online stores, which then allows them to place orders using other people’s payment cards, or not pay at all.
Positive Technologies Senior Information Security Analyst, Vadim Solovyov said: “Insufficient web application security and the ability of criminals to easily find an experienced hacker or a ready-made tool for hacking a web resource pose an undoubted threat to both users and companies.
“Hacking a company’s web applications can lead to global consequences, ranging from data leaks to penetrating the company’s local network and using its resources in subsequent attacks.
“When building a security system, we recommend following the principles of a risk-oriented approach, based on an understanding of the magnitude of negative consequences that are acceptable for your company.
“To protect your company, you should adhere to the principles of secure development and use automated source code analysis tools to search for errors and vulnerabilities. It is essential to regularly evaluate your web application security and to use a web application firewall for proactive protection against attacks.”