THREATLOCKER ZERO TRUST WORLD — A Zero Trust World 2023 keynote this week focused on how the dark web is essentially the Amazon of stolen data, and products and services easily accessible to anyone who wants to commit cyber crime.

Collin Ellis (pictured above), solutions engineer at ThreatLocker, gave the disturbing keynote on the dark web. Zero Trust World 2023 in Orlandofocused on zero trust security and how it can stop hackers from launching successful attacks that can result from stolen data.

Danny Jenkins, ThreatLocker’s CEO, closed out the conference by saying he’s taking with him feedback he’s received to keep improving.

ThreatLocker’s Danny Jenkins

“These tools are going to help you get more secure in your environment,” he said. “We’re here to take more steps forward in zero trust.”

The Flipside of Legitimate Social Media, Marketplaces

Ellis described how easy it is to access everything you need on the dark web for malicious hacking.

“As typical people, typical consumers, we think about how we use the internet, social media, the marketplaces that we shop at Amazon and so on,” he said. “And the dark web is a direct reflection of that in an almost malicious sense. They’re polar opposites, but they define the same type of sale, the same type of transaction. But the items, the the services, the people, the information you get to interact with is something that no one really knows about.”

Think about how easy it is, as an example, to go to Amazon and buy a charger cord, Ellis said. On the dark web, you can do the exact same thing and buy absolutely anything. That includes hacked passwords, hacked accounts, ransomware and malware for dollars.

“Bitcoin is what fuels it,” he said. “A lot of the cryptocurrency fuels that exchange. But it’s so simple and it takes minutes for someone to get access, connect to the dark web, make that transaction and then now doing anything maliciously that they see fit.”

More Gravitating to the Dark Web

The number of cybercriminals making use of what’s available on the dark web is growing, Ellis said.

“An example is Clop as a ransomware gang,” he said. “They don’t put up a paywall in the information that they’ve taken. It’s more of a flex to say, ‘We compromised this company; this is all of their information because they don’t care about their security.’ So what it allows the run-of-the-mill criminal to do without spending too many dollars and using their own resources is now they have all of your information to go ahead, take out new credit cards, new loans under your name and just leverage that as they see fit. So I like to describe it as …

… a never ending cycle. The company gets compromised. That data is out there for everyone to see, and anyone and everyone can abuse that information without a paywall.”

Cybercriminals will steal data just to prove a point, not necessarily to sell, Ellis said. That’s why no one should ever pay a ransom because even if they pay, the data is still out there.

“So it never stops,” he said. “I look at myself as a consumer. Between the school that I went to and the companies where I shop, my data has been taken quite a few times. You get these letters randomly of, ‘We had a data breach,; we apologize for the inconvenience.’ And that can’t stop anyone else from just misusing my information. The apology is great. Now I have an Equifax service for the next 10 years to monitor my credit. But there’s nothing else I can do about it in that regard. So that’s where really having that conversation, opening up the reality to let people know this is what the other side of the world looks like and you should really know what’s going on.”

For the Right Price, I’ll Ruin Somebody’s Life

With so much data easily accessible and available, hacking as a service is on the rise, Ellis said.

“There are two gentlemen that pop up on this, Vladimir and George,” he said. “And George basically said for the right price, which was about $7,500, I will ruin someone’s life financially and socially. They even advertise using child pornography as an attempt. And you think about that. What does that really mean for everyone else? Just as a regular person, you have people that might not like you, your business model or your competitors. That’s where the real threat lives, not just the attackers we think are coming from another country. We preach this concept of zero trust because it can be absolutely anyone. And that’s the reality.”

The idea is not to enable anyone nefariously because they have this information already, Ellis said.

“If we can bridge the gap for the engineers, especially the juniors coming up in this tech space, to understand how simple it is, then we get to make sure that from a zero trust perspective, that is just a fundamental everyone lives with,” he said.

2023 ThreatLocker Gold Partners

At the close of Zero Trust World 2023, ThreatLocker named its 2023 Gold Partners.

“ThreatLocker Gold Partners … show the highest level of security, a passion for helping customers, and aim to deliver higher and higher for their customers,” Jenkins said. “They’re going through the steps to make sure they’re doing everything and getting more secure.”

The 2023 ThreatLocker Gold Partners are: