Cybercrime, powered by the hard-to-follow tunnels buried within the dark net, will pose the second-highest risk to global commerce over the next decade. In 2020 alone, cyberattacks on critical infrastructure, both public and private, stand as the fifth-top risk. Meanwhile, cybercrime as a service represents a fast-growing threat. Tools available on the dark net are making malicious services easier for anyone to access and afford.

That data all comes from the World Economic Forum and its Global Risks Report 2020. It highlights why managed security service providers must constantly remain on the lookout for products and expertise that help them stay ahead of cyberperps.

After all, dark net-originated attacks on enterprise customers have grown more common, if not pervasive. According to Bromium’s 2019 findings in “Into the Web of Profit,” since 2016, researchers have tracked a 20% rise in the number of dark net listings that carry the potential to harm organizations.

“These include increases in targeted malware for sale, enterprise-specific DDoS services, corporate data for sale and brand-spoofing phishing tools,” wrote Michael McGuire, lead researcher and senior lecturer in criminology at the University of Surrey.

Indeed, the internet’s seedy underbelly no longer provides safe haven just for the lowest of the low — terrorists, drug dealers, human traffickers, killers for hire and pedophiles. It also serves as the musty basement for hackers looking to score easy money and send organizations into chaos. (Actually, many of these bad actors have turned to the sophisticated life. They even have executives and full-fledged staff.)

AppViewX’s Gregory Webb

“Cybercrime is an incredibly lucrative business for the bad guys, and both enterprises and governments aren’t doing enough to protect themselves,” noted Gregory Webb, who at the time of publication of “Into the Web” worked as CEO of Bromium. (HP bought Bromium in September of last year.)

That assessment comes despite the estimated $1 trillion Cybersecurity Ventures has projected organizations and governments will spend on cybersecurity products and services between 2017 and 2021.

The Dark Net and MSSPs

So what are MSSPs to do as the dark net shoots its tentacles into the enterprise? Stay vigilant, informed and prepared to act.

“Cybercriminals always seem to be a step ahead of enterprise security efforts, and a growing proliferation of dark net platforms is making it easier for them,” Webb wrote. “Only with a thorough understanding of the risks posed by threats on the dark net can we hope to combat their tactics and disrupt their networks. But to do that, the enterprise needs to completely rethink security, deploying layered defenses that go beyond detection — only then can legitimate businesses tip the balance in their favor. If we don’t, then we’ll never stem the tide of threats, or the lucrative trade in secrets and business-critical data on the dark net.”

One cybersecurity intelligence firm, Kela, intends to help MSSPs do just that with its new platform, IntelAct. The technology, Kela says, allows MSSPs to track and intercept any mentions of their clients’ network infrastructure, vulnerabilities or exposures in the dark net. This turns the attackers’ edge against them, remediating issues before they become breaches, the vendor says. IntelAct is fully automated, scalable, and requires no installation or network access.

Kela’s David Carmiel

“IntelAct is meant to help organizations – even at earlier stages of maturity – maintain a reduced attack surface at all times,” David Carmiel, CTO at Tel Aviv-based KELA, said.

Aviad Gal, product manager for KELA, agreed.

“What’s really unique about IntelAct is that it …

… monitors numerous high-quality dark net sources, extracts mentions of the specific assets that are compromised, and structures them into clear alerts in a dedicated workspace on the system, so that they’re perfectly digestible for the end user,” Gal told Channel Futures. “We take all of the complexity out of the dark net and provide the high-quality intelligence from these sources for the MSSPs and their users.”

Such capabilities will prove critical as the dark net evolves and targets the enterprise.

Kela’s Ayesha Prakash

“The dark net continues to turn more and more into an ecosystem of trading services rather than goods,” Ayesha Prakash, Kela’s newly tapped vice president of global channels and strategic alliances, told Channel Futures.

This “servitization,” as Prakash put it, means threat actors working to generate more money now view organizations as prime targets. Thus, these cybercriminals continue to create new and specialized markets for various products and services. Think targeted ransomware and credential abuse as just two examples. However, because so-called servitization (or the aforementioned cybercrime as a service) requires fewer skills on the part of the hackers, MSSPs can gain an advantage with the right tools on hand.

“Enterprise defenders [can] collect actionable, targeted intelligence, effectively aiding enterprises in reducing their attack surface and gaining a better visibility into what attackers do,” Prakash said. “This is definitely a growing trend that we expect to continue … over the next year.”

How IntelAct Works

First off, MSSPs can use IntelAct with the other resources they have in place. It does not replace anything; rather, it augments what MSSPs already use.

“The intelligence gained from IntelAct can be used as a trigger for investigation or as … a source of data enrichment,” Gal said.

To that point, Gal added, “An IntelAct alert regarding a new leaked employee email can trigger a password change. Or, it can be used to check if the password of a user who performed a suspicious login, that was prompted by another data source, was published somewhere in our sources.”

MSSPs also can employ IntelAct for visibility into clients’ exposure to the dark net. Here’s what that can look like:

One of the keys is that IntelAct allows MSSPs to perform these actions for multiple clients.

“IntelAct allows full automation, which is something that is very different than most solutions out there today,” Gal said. “Most existing solutions require lots of manual assistance in the process of servicing their clients. IntelAct’s automation allows MSSPs to scale the number of clients they are catering to without the need to expand their teams, essentially allowing them to better increase their revenues.”

Kela recommends MSSPs lean on IntelAct to give clients more complete services, and to upsell to those customers. Some possible instances of that include proactive mitigation and patch management; reducing “noise” and false positives by verifying and prioritizing threats; and tracking adversaries and collecting intelligence across multiple illicit online communities.

And those recommendations don’t just apply to enterprise end users. Prakash says MSSPs need to protect themselves as much as they do their clients.

“Service providers are a big target by threat actors nowadays as well,” she said.