As Dark Net Endangers Enterprises, MSSPs Need New Tools

Cybercrime, powered by the hard-to-follow tunnels buried within the dark net, will pose the second-highest risk to global commerce over the next decade. In 2020 alone, cyberattacks on critical infrastructure, both public and private, stand as the fifth-top risk. Meanwhile, cybercrime as a service represents a fast-growing threat. Tools available on the dark net are making malicious services easier for anyone to access and afford.

That data all comes from the World Economic Forum and its Global Risks Report 2020. It highlights why managed security service providers must constantly remain on the lookout for products and expertise that help them stay ahead of cyberperps.

After all, dark net-originated attacks on enterprise customers have grown more common, if not pervasive. According to Bromium’s 2019 findings in “Into the Web of Profit,” since 2016, researchers have tracked a 20% rise in the number of dark net listings that carry the potential to harm organizations.

“These include increases in targeted malware for sale, enterprise-specific DDoS services, corporate data for sale and brand-spoofing phishing tools,” wrote Michael McGuire, lead researcher and senior lecturer in criminology at the University of Surrey.

Indeed, the internet’s seedy underbelly no longer provides safe haven just for the lowest of the low — terrorists, drug dealers, human traffickers, killers for hire and pedophiles. It also serves as the musty basement for hackers looking to score easy money and send organizations into chaos. (Actually, many of these bad actors have turned to the sophisticated life. They even have executives and full-fledged staff.)

AppViewX’s Gregory Webb

“Cybercrime is an incredibly lucrative business for the bad guys, and both enterprises and governments aren’t doing enough to protect themselves,” noted Gregory Webb, who at the time of publication of “Into the Web” worked as CEO of Bromium. (HP bought Bromium in September of last year.)

That assessment comes despite the estimated $1 trillion Cybersecurity Ventures has projected organizations and governments will spend on cybersecurity products and services between 2017 and 2021.

The Dark Net and MSSPs

So what are MSSPs to do as the dark net shoots its tentacles into the enterprise? Stay vigilant, informed and prepared to act.

“Cybercriminals always seem to be a step ahead of enterprise security efforts, and a growing proliferation of dark net platforms is making it easier for them,” Webb wrote. “Only with a thorough understanding of the risks posed by threats on the dark net can we hope to combat their tactics and disrupt their networks. But to do that, the enterprise needs to completely rethink security, deploying layered defenses that go beyond detection — only then can legitimate businesses tip the balance in their favor. If we don’t, then we’ll never stem the tide of threats, or the lucrative trade in secrets and business-critical data on the dark net.”

One cybersecurity intelligence firm, Kela, intends to help MSSPs do just that with its new platform, IntelAct. The technology, Kela says, allows MSSPs to track and intercept any mentions of their clients’ network infrastructure, vulnerabilities or exposures in the dark net. This turns the attackers’ edge against them, remediating issues before they become breaches, the vendor says. IntelAct is fully automated, scalable, and requires no installation or network access.

Kela’s David Carmiel

“IntelAct is meant to help organizations – even at earlier stages of maturity – maintain a reduced attack surface at all times,” David Carmiel, CTO at Tel Aviv-based KELA, said.

Aviad Gal, product manager for KELA, agreed.

“What’s really unique about IntelAct is that it …