computer screens with codeThe researchers found that the banking and financial sector wasmost frequently targeted by tailored malware or hacking tools forsale on the dark web, constituting about 35% of those onoffer.(Photo: Bloomberg)

|

(Bloomberg) –Organized crime groups are selling access to thecomputer networks of financial firms like Bank of America Corp. andhacking tools targeting these companies, according to a Britishresearcher who posed as a buyer on several dark webmarketplaces.

|

While engaging criminal groups on the dark web in conversationsover several months, Michael McGuire, a criminologyprofessor at the University of Surrey, and his team discoveredtools for sale to steal login credentials of many businesses,including those of Bank of America customers. They also found whatsellers claimed to be the passwords and PINs of Qatar National Bankcustomers for sale.

|

Their findings, released in a researchreport today, offer rare insight into the workings of thedark web, the portion of the internet which requires specializedsoftware or authorizations to access and which isn't indexed byconventional search engines.

|

There are numerous sites on the dark web that serve asmarketplaces for hackers selling their services and the datathey've previously stolen.

|

“We couldn't legally purchase this stuff,” McGuire said in aninterview before presenting the findings at an information securityconference in London Thursday. His research was sponsored bySilicon Valley-based cybersecurity firm Bromium.

|

The scale of data breaches has grown in recent years as criminalhacking groups become increasingly adept at penetrating corporatenetworks and harvesting vast amounts ofinformation.

|

Often these data are then used for identity-theft and creditcard fraud. In other cases, access to a network is used toimplant ransomware which encrypts the contentsusing a key only the hackers control. The hackers then ask for aransom to be paid to hand over the key. Nation-states have alsobecome much more active in targeting corporatenetworks.

|

Between November 2018 and March 2019, McGuire's team reached outto sellers often over encrypted messaging services or inpassword-protected forums. Given the anonymous nature of the darknet, the researchers typically didn't have a clear sense of who thesellers they were negotiating with were or where they were based,he said. It's possible in some cases that these groups could beaffiliated with nation-states, or even that some were undercoverlaw enforcement officers posing as hackers as part ofinvestigations or intelligence-gathering, McGuire said.

|

In the case of Bank of America, the material McGuire foundavailable were fake web pages that could be used to harvestcustomer data in phishing attacks. In these attacks, a customer issent an email that appears to come from the bank, asking them toclick a link to access their account. The link then takes them tothe fake web page and records their username and password.

|

A complete phishing toolkit — including a tutorial manual — thatwould enable almost anyone to launch such a phishing attack againstBank of America customers was selling for $11, the report said.

|

In other cases, the researchers discovered individuals seekingemployees at companies such as AT&T Inc. and VerizonCommunications Inc. who would be willing to sell access to thosecompanies' networks in order to steal contract and payrollinformation.

|

The researchers found that the banking and financial sector wasmost frequently targeted by tailored malware or hacking tools forsale on the dark web, constituting about 35% of those on offer.

|

While those tools still require some knowledge to use, banksalso ranked highly among those entities to whose networks hackersclaimed they could provide ready access, the report said.E-commerce firms and health care providers were also populartargets.

|

The price for commissioning an attack on a specific corporationaveraged about $4,500, the researchers found. Bespoke corporateespionage services, targeting either individuals or specificinformation from a particular company, were available for feesranging from $1,000 to $15,000, they said.

|

McGuire said the research indicated corporate espionage, eitherfor competitive business advantage or possibly insider trading, waslikely far more prevalent than most people realized. “We posed asan enterprise and wanted to see if someone would get us informationabout a competitor's product trials and product lists, accountinginformation, and we got positive responses,” he said.

|

He also said that some information available for sale wasclearly marketed at those who might want to blackmail seniorexecutives — such as stolen emails that seemed to indicate anexecutive was romantically involved with a junior employee, McGuiresaid.

|

McGuire said his research suggested that, if they were notalready doing so, corporate cybersecurity teams ought to spend timemonitoring the dark web to pick up signs of potential threats, suchas data from their organizations already for sale or rogueemployees willing to sell network access to others.

|

Copyright 2019 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.