Positive Technologies’ experts have analyzed the ten most active forums on the dark web, which offer services for hacking websites, buying and selling databases, and accessing web resources 1. The research found that in the vast majority of cases on these forums, most individuals are looking for a hacker, and in 7 out of 10 ads, their main goal is to gain access to a web resource.
The research discovered that in 90 percent of cases, users of dark web forums will search for a hacker who can provide them with access to a particular resource or who can download a user database. Only seven percent of forum messages analysed included individuals offering to hack websites 1. The remaining three percent of the messages analysed were aimed at promoting hacking tools, programs and finding like-minded people to share hacking experience.
Positive Technologies analyst Yana Yurakova said: "Since March 2020, we have noticed a surge of interest in website hacking, which is seen by the increase in the number of ads on forums on the dark web. This may have been caused by an increase in the number of companies available via the Internet, which was triggered by the COVID-19 pandemic. As a result of this, organisations that previously worked offline were forced to go online in order to maintain their customers and profits, and cybercriminals, naturally, took advantage of this situation."
According to the research, 69 percent of ad inquiries were related to website hacking, where the main goal was to gain access to a web resource. Not only does this show that attackers can steal sensitive information, but they can also sell access to web applications to so-called fences. Inquiries aimed at obtaining user or client databases from a targeted resource ranked second in popularity with 21 percent of all ads seen. Competitors and spammers who collect lists of addresses for targeted phishing attacks aimed at a specific audience are primarily interested in acquiring this type of information. The research shows that custom databases such as these can cost up to $20,000.
Additionally, people on dark web forums also look for hackers who can place malware on a web resource or ones who can hack a website in order to delete particular data located on it, seen in four percent and three percent of ads respectively.
Positive Technologies Senior Information Security Analyst Vadim Solovyov said: "Insufficient web application security and the ability of criminals to easily find an experienced hacker or a ready-made tool for hacking a web resource pose an undoubted threat to both users and companies. Hacking a company's web applications can lead to global consequences, ranging from data leaks to penetrating the company's local network and using its resources in subsequent attacks. When building a security system, we recommend following the principles of a risk-oriented approach, based on an understanding of the magnitude of negative consequences that are acceptable for your company. To protect your company, you should adhere to the principles of secure development and use automated source code analysis tools to search for errors and vulnerabilities. It is essential to regularly evaluate your web application security and to use a web application firewall for proactive protection against attacks."
- In total, more than 8 million users are registered on these forums, more than 7 million topics have been created, and more than 80 million messages have been published.
- By offers, we mean ads published by service owners and hacker groups. They cannot act as indicators of supply and demand, as they are often posted only once.