From the Netflix series ‘Narcos’, the story of the media-popular drug lord Pablo Escobar who in his time made more money in trafficking cocaine in a year than Colombia’s GDP, there are several factors that influenced his growth and the rise in demand of his product and the eventual fall of this kingpin.
Equally, there are a growing demand of stolen personal information, private data, privileged user login credentials and credit card numbers among others on dark web marketplaces which result in a significant loss of money paid as ransom, negatively impacting business globally.
Advances in Internet technology have been an important and crucial step towards general development in almost all aspects of life. However, a dark side has emerged.
The ability of companies to track customer buying treads and habits has led to privacy invasions, ranging all the way from annoying pop-up advertisements to Google ads that track consumers based on their current searches.
Numerous cases have been reported where students and children are exploited and intimidated on the Internet through cyber-bullying or threats of exposing and disclosing sensitive, personal and private files and information after being stalked.
On the other side, security breaches at the organization and corporate-level have made it easier for online criminals to tap the wealth that goes with the value of customers’ personal information cybercrime, dark web, cyber threats, cybersecurity, including credit card numbers and passwords from compromised companies’ databases.
These are then sold on the dark web copious amounts of money paid as ransom in the form of bitcoins.
Nationally, the aptitude of a particular state to spy other states through the Internet has triggered North Atlantic Treaty Organization (NATO) to draft new rules on cyber warfare that are expected to control how countries can react and respond to state-sponsored threats.
What is a Cyber Threat?
A cyber threat is an actionable risk involving a computer and a network, which if conducted are globally considered as cybercrimes.
The book of Cybersecurity Laws and Regulations defines cybercrime as an offense that is committed against individuals or organizations to intentionally cause loss or result in physical, mental or even reputational harm through a telecommunication network such as the Internet.
With Internet connectivity being accessible to an approximate 20 billion people by the year 2021, cyber threats are also expected to be on the rise with the same rate.
Cyber threats and warfare are now ranked as the greatest global threat at 44%, followed by the previous top threat, terrorism, at 27%.
This brings a classic fear of possibilities that hackers can even attack the power grid and shut down government agencies, effectively bringing the economy to a halt.
Cyber threats are proliferating for the most part due to a lack of cybersecurity. Cybersecurity systems and principles are developed to safeguard websites and web applications from hackers seeking to disrupt, delay, alter or change the flow of data.
These hackers vary in target, motive, levels of the organization, and technical capabilities, which is why both public and private corporations adopt ever-increasing and dynamic measures to prevent cyber threats, including gathering threat intelligence from the dark web.
Cyber-Crime as a Lucrative Business.
Cybercrime is now a service on the dark web with more than 30,000 domains and thus permits criminals and their customers to trade as easily as any legitimate business.
The use of bitcoins as their currency of trading makes them difficult to trace, hard to find and safe. In a recent study report, the famous drug industry has been overtaken by the cybercrime industry in terms of revenue.
This explains the increased cases of cyber-attacks and the reason why active dark web markets are economically thriving on stolen credentials.
A consumer’s credit card credentials’ going price is at least $20, whereas credentials with administrator access go for above $2 million. The connection is simple: the more access someone has to a system, the more valuable their identity is on the dark web.
A single site on the dark web is expertly estimated to generate more than $900,000 of revenue in a single day. Derek Manky, a Global Security Strategist, predicts that technological development in cybersecurity will raise the cybercrime rate by 20% and will generate more than $160 billion by 2020.
The dark web is so lucrative that anyone with basic computer science skills and with criminal intent can try their luck.
Passwords and logins credentials of special or privileged users such as system administrators and chief information officers are hunted, as this is the most crucial piece of information needed to access the most sensitive data a company or organization might have.
If such sensitive information falls into the wrong hands, it’s most likely to be traded back for ransom or sold on darknet markets.
Is There a Way Out?
No one expects that the IT world will be able to eliminate cyber threats entirely in the near future.
It’s already evident that the good guys are having trouble and a rough time trying to make life difficult for the bad guys on the dark web.
Basically, cyber threats and attack attempts take place almost on a constant basis.
From a Federal Bureau of Investigation (FBI) 2017 report, an average of 5,000 cyber-attacks per day take place globally across private users, government agencies and businesses, which accounts for over a 300% increase
From the “Narcos” series, if those who used cocaine during Escobar’s time eventually developed immunity against the drug, market demand would have equally reduced, and that’s how Escobar would have finally dried up.
Similarly, if the ease at which cyber criminals use stolen credentials can be controlled and reduced, successful cybercrimes can eventually be curbed.
The same scenario will likewise work with dark web marketplaces since if your key suddenly stopped unlocking important information, nobody will be willing to purchase it. Data’s value is fleeting due to the rapid pace of change across users and systems.
With that in mind, the best way to mitigate hackers looking to sell your privileged credentials on a darknet market is to devalue that which they have by initially ensuring that no single individual has full control and regulation of all systems in an organization.
Access and control should be tracked, monitored and shared among several users in a compartmentalized fashion to ensure the credentials of a single user can do no major good or harm if compromised.
The impact of these cyber threats can be minimized by some simple cybersecurity practices.
This includes regularly performing security risk assessments to look for and resolve the denial of service-related vulnerabilities and using network security solutions, including managed services from cloud-based vendors specialized in responding to DDoS attacks.
Software patch and update management practices, phishing attack testing, employee awareness, and network monitoring and alerting can further help reduce organizations’ threat exposure across networks.
Software such as ThreatInformer is likewise important to install for cyber insurance. It is programmed with an automated security risk assessment system that creates a cyber insurance profile and provides risk tracking and analytics services.
Continuous vulnerability scanning via antivirus software is important in order to identify whether your system is affected by a recent security threat.
While cybercriminals seem to be incorporating data theft and outright extortion as their main revenue source in ransomware, stealing personal information and credentials and using or selling it for further action and revenue still remains a major problem.