Recruitment drive for hackers

Cybercriminals use the dark web – and pandemic – to boost their activities

Positive Technologies experts have analysed the ten most active forums on the dark web, which offer services for hacking websites, buying and selling databases, and accessing web resources. The research found that, in the vast majority of cases on these forums, most individuals are looking for a hacker and, in 7 out of 10 ads, their main goal is to gain access to a web resource.

The research discovered that in 90% of cases, users of dark web forums will search for a hacker who can provide them with access to a particular resource or who can download a user database. Only 7% of forum messages analysed included individuals offering to hack websites. The remaining 3% analysed were aimed at promoting hacking tools, programs and finding like-minded people to share hacking experience.

"Since March 2020, we have noticed a surge of interest in website hacking, which is seen by the increase in the number of ads on forums on the dark web,” says Positive Technologies analyst Yana Yurakova. “This may have been caused by an increase in the number of companies available via the Internet, which was triggered by the COVID-19 pandemic. As a result of this, organisations that previously worked offline were forced to go online, in order to maintain their customers and profits, and cybercriminals, naturally, took advantage of this situation."

According to the research, 69% of ad inquiries were related to website hacking, where the main goal was to gain access to a web resource. Not only does this show that attackers can steal sensitive information, but they can also sell access to web applications to so-called fences. Inquiries aimed at obtaining user or client databases from a targeted resource ranked second in popularity with 21% of all ads seen.

Competitors and spammers who collect lists of addresses for targeted phishing attacks aimed at a specific audience are primarily interested in acquiring this type of information. The research shows that custom databases such as these can cost up to $20,000.

People on dark web forums also look for hackers who can place malware on a web resource or ones who can hack a website, in order to delete particular data located on it, seen in 4% and 3% of ads respectively. Among the various options of purchasing and selling hacking services and website access, there is a consistently high demand for access to online store sites, with prices ranging between $50 and $2,000.

Experts say this is very popular, due to the fact that, when paying for goods, users enter their credit card details. Thus, attackers have opportunities to inject malicious JavaScript code into these websites to intercept the information entered by the user and use it for their personal gain. Another way that attackers cash in on users is by obtaining privileged access to online stores, which then allows them to place orders using other people's payment cards or not pay at all.

Positive Technologies’ senior information security analyst Vadim Solovyov comments: "Insufficient web application security and the ability of criminals to easily find an experienced hacker or a ready-made tool for hacking a web resource pose an undoubted threat to both users and companies. Hacking a company's web applications can lead to global consequences, ranging from data leaks to penetrating the company's local network and using its resources in subsequent attacks.

“When building a security system, we recommend following the principles of a risk-oriented approach, based on an understanding of the magnitude of negative consequences that are acceptable for your company. To protect your company, you should adhere to the principles of secure development and use automated source code analysis tools to search for errors and vulnerabilities. It is essential to regularly evaluate your web application security and to use a web application firewall for proactive protection against attacks."