Please fill in the form below to subscribe to our blog

Why You Should Worry About the Booming Dark Web Economy

April 16, 2021

The Dark Web Economy is Thriving & That’s Bad News for Everyone Else


In the wake of the global pandemic, everyone is trying to do more with less. Economic challenges are creating budget shortfalls that require creative thinking for businesses to overcome in almost every sector. But while many facets of the global economy are beginning to shift into recovery mode, there’s one economic engine that has powered explosive growth that shows no signs of slowing down: cybercrime. The dark web economy is growing by leaps and bounds. That may be great news for cybercriminals but it’s terrible news for businesses.


global year in breach depicted as a printed report.

Give your clients the cold, hard facts that tell the tale of exactly how much danger their business is in. GET THIS FREE BOOK>>


There’s No Recession on the Dark Web 


The dark web economy has seen major shifts in the past year as new opportunities for cybercrime created new profitability for everyone from major ransomware gangs to cybercrime-as-a-service gig workers. Demand for all kinds of skilled cybercrime work is high – experts estimate that 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking services. An estimated 69% of those dark web forum hiring posts were looking for cybercriminals to do some website hacking, while another 21% were looking for bad actors who could obtain specifically targeted user or client databases.  

Everything else that the researchers noted around hiring on dark web forums was small potatoes. About 7% of the forum posts measured were ads for hackers looking for work. Even in a booming economy, there are several reasons for hackers to be advertising their services. Some hackers have a very specialized skillset, like specialists in social media scams or brand impersonation campaigns. Advertising their services uniquely helps them find better-paying work. Others may be new to the gig and trying to build their reputation or make contacts. Still others are drifters that move in and out of cybercrime gangs.  

Not all “hackers” are actually hackers. Putative cybercriminals can also profit from selling their own tech. A little over 2% of the forum posts measured by the researchers were made by cybercriminal developers who were selling the tools of the trade like password crackers, payment skimmers, malware, ransomware and other hacking programs. Hackers also use those forums as a way to meet people interested in planning or participating in cyberattacks — about 1% of the surveyed dark web forum posts were made by hackers seeking hackers for a team-up.  


Which of your vendors will cause your next cyberattack? Read our new eBook to learn how to spot and stop third party risk. GET THIS BOOK >>


Everything Has a Price 


What are cybercrime buyers hiring hackers for? The most popular category of “job” postings is from buyers who want to hire hackers to meddle with retail operations to facilitate payment jacking. They’re hiring hackers to inject malicious JavaScript code into websites to catch data entered by shoppers. Those buyers are also interested in hacked databases from retail outfits. Hacking these companies usually costs between $50 and $2,000. This spells disaster for many organizations – 60% of companies go out of business after a cyberattack, a number that can go much higher when direct financial hits are involved 

Websites are a perennially popular target. Buyers that want to acquire web shells, access to the administration interfaces of websites, or ready-made exploits that can be used to inject SQL code are always hiring. This has been an especially hot category as the sudden shift to remote work created vulnerabilities to exploit. A slow, lurching update cycle for many businesses has also left exploitable openings. Hacking a website can cost as much as $10,000. A task like web shells can range in cost from a few cents each to $1,000 per instance depending on the difficulty and time commitment involved for the hacker, while custom databases are priced between $100 and $20,000, or between $5 and $50 per 1,000 entries.

Buyers are hungry for databases, creating opportunities for enterprising hackers. Those enterprising hackers are having a field day snatching up data from companies that haven’t addressed vulnerabilities. Sometimes, hackers don’t even wait for a buyer, they’ll sell pre-hacked, freshly unlocked databases that can be priced as high as $20,000, or up to $50 per 1,000 entry. Typically, those entries include some personally identifying information (PII) in each entry like username, email address, full name, phone number, home address, date of birth and occasionally social security and identification numbers. Boutique hacking, sometimes involving assistance from malicious insiders, like accessing a custom database is available at a premium price: between $100 and $20,000, or between $5 and $50 per 1,000 entries – definitely not chump change. 


See how automated, affordable phishing defense with Graphus can save your business a fortune! GET THE EBOOK>>


Put Strong Protection Between Your Business and Dark Web Danger


Thriving dark web marketplaces do not bode well for businesses. It’s essential that organizations take a few steps right now to secure their data and systems from this growing threat. Here’s our prescription for a winning combination of solutions to mitigate this growing dark web danger. 

  • Dark Web ID – Don’t let cybercriminals sneak into your network with a compromised credential. Up to 80% of data breaches involve credential compromise. Make sure yours aren’t available with 24/7/365 human and machine-powered always-on dark wen monitoring that alerts you to trouble fast. 
  • Passly – Secure identity and access management with multifactor authentication is a must-have to take the power out of a filched password. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime. Plus, automated password resets make everyone’s life a little bit better. 
  • BullPhish ID – Protecting a business from cybercrime starts with protecting it from phishing. An estimated 65% of cybercriminals use phishing as their primary method of attack. The new BullPhish ID enables trainers to either use create their own custom content or choose a  premade phishing simulator kit in 8 languages, with new content added monthly to make sure everyone is up to speed on the latest threats. 

Get help from experts to make sure that you’re doing everything necessary to spot and stop danger coming your way from the dark web in 2021.