A recent British study posted at https://www.helpnetsecurity.com/2019/06/07/targeted-hacking-services provides a view of how cyber criminals are selling their services on the dark net. Four out of ten dark net vendors are selling targeted services aimed at Fortune 500 and FTSE 100 companies. There has been a 20% rise in dark net listings since 2016. Custom built malware outnumbers off the shelf varieties by two to one. Dark net vendors are not secretive; 60% of those contacted by researchers offered access to multiple networks, and 70% offered to talk on encrypted applications beyond the reach of law enforcement.
The most frequently targeted industry is banking, followed by e-commerce, healthcare and education.
The use of custom malware means that businesses cannot rely solely on detection as their systems will not recognize it. Organizations need a defense in depth cybersecurity system that can identify, isolate and contain malware.
On the positive side, organizations, researchers and law enforcement can use the dark net to gather intelligence and monitor threats. As in so many areas, the best defense is a good offense.