In the wake of the global pandemic, everyone is trying to do more with less. Economic challenges are creating budget shortfalls that require creative thinking for businesses to overcome in almost every sector. But while many facets of the global economy are beginning to shift into recovery mode, there’s one economic engine that has powered explosive growth that shows no signs of slowing down: cybercrime. The dark web economy is growing by leaps and bounds. That may be great news for cybercriminals but it’s terrible news for businesses.

The dark web economy has seen major shifts in the past year as new opportunities for cybercrime created new profitability for everyone from major ransomware gangs to cybercrime-as-a-service gig workers. Demand for all kinds of skilled cybercrime work is high – experts estimate that 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking services. An estimated 69% of those dark web forum hiring posts were looking for cybercriminals to do some website hacking, while another 21% were looking for bad actors who could obtain specifically targeted user or client databases.

Everything else that the researchers noted around hiring on dark web forums was small potatoes. About 7% of the forum posts measured were ads for hackers looking for work. Even in a booming economy, there are several reasons for hackers to be advertising their services. Some hackers have a very specialized skillset, like specialists in social media scams or brand impersonation campaigns. Advertising their services uniquely helps them find better-paying work. Others may be new to the gig and trying to build their reputation or make contacts. Still others are drifters that move in and out of cybercrime gangs.

Not all “hackers” are actually hackers. Putative cybercriminals can also profit from selling their own tech. A little over 2% of the forum posts measured by the researchers were made by cybercriminal developers who were selling the tools of the trade like password crackers, payment skimmers, malware, ransomware and other hacking programs. Hackers also use those forums as a way to meet people interested in planning or participating cyberattacks — about 1% of the surveyed dark web forum posts were made by hackers seeking hackers for a team-up.

What are cybercrime buyers hiring hackers for? The most popular category of “job” postings is from buyers who want to hire hackers to meddle with retail operations to facilitate payment jacking. They’re hiring hackers to inject malicious JavaScript code into websites to catch data entered by shoppers. Those buyers are also interested in hacked databases from retail outfits. Hacking these companies usually costs between $50 and $2,000. This spells disaster for many organizations – 60% of companies go out of business after a cyberattack, a number that can go much higher when direct financial hits are involved

Websites are a perennially popular target. Buyers that want to acquire web shells, access to the administration interfaces of websites, or ready-made exploits that can be used to inject SQL code are always hiring. This has been an especially hot category as the sudden shift to remote work created vulnerabilities to exploit. A slow, lurching update cycle for many businesses has also left exploitable openings. Hacking a website can cost as much as $10,000. A task like web shells can range in cost from a few cents each to $1,000 per instance depending on the difficulty and time commitment involved for the hacker, while custom databases are priced between $100 and $20,000, or between $5 and $50 per 1,000 entries.

Buyers are hungry for databases, creating opportunities for enterprising hackers. Those enterprising hackers are having a field day snatching up data from companies that haven’t addressed vulnerabilities. Sometimes, hackers don’t even wait for a buyer, they’ll sell pre-hacked, freshly unlocked databases that can be priced as high as $20,000, or up to $50 per 1,000 entry. Typically, those entries include some personally identifying information (PII) in each entry like username, email address, full name, phone number, home address, date of birth and occasionally social security and identification numbers. Boutique hacking, sometimes involving assistance from malicious insiders, like accessing a custom database is available at a premium price: between $100 and $20,000, or between $5 and $50 per 1,000 entries – definitely not chump change.

Thriving dark web marketplaces do not bode well for businesses. It’s essential that organizations take a few steps right now to secure their data and systems from this growing threat. Here’s our prescription for a winning combination of solutions to mitigate this growing dark web danger.

Don’t let cybercriminals sneak into your network with a compromised credential. Up to 80% of data breaches involve credential compromise. Make sure yours aren’t available with 24/7/365 human and machine-powered always-on dark wen monitoring that alerts you to trouble fast.

Secure identity and access management with multifactor authentication is a must-have to take the power out of a filched password. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime. Plus, automated password resets make everyone’s life a little bit better.

Protecting a business from cybercrime starts with protecting it from phishing. An estimated 65% of cybercriminals use phishing as their primary method of attack.

Get help from experts to make sure that you’re doing everything necessary to spot and stop danger coming your way from the dark web in 2021.