The two main villains of the cyber security world are the nation state-backed Advance Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with its own goals, actors and methods. However, over the years there has been quite a lot of cross-pollination between the two.
Since entering the spotlight, APTs have been using tools commonly sold on the dark web. Specifically, Remote Access Trojans (RATs) such as Poison Ivy, have been found in many APT incidents. This was common enough that many people have contested the term “APT” itself, as RATs were not considered “Advanced” (in reality, the “Advanced” in APT refers to the infrastructure behind the threat actor, i.e. a nation state). The use of various cybercriminal tools available on the Dark Web has been consistent throughout the years in APT cases where data exfiltration has been the goal.
Cybercriminals, on the other hand, also took a page out of the APT book. Fraudsters have always targeted the customers of financial institutions as they were considered the weakest link. Instead of trying to gain access to the secure networks of banks, they would instead use Phishing attacks to compromise their victims. Other organizations have been victimized by criminals hacking into their systems, such as e-commerce websites, in order to steal credentials, but breaching a bank’s systems was considered such an unattainable goal, that the vast majority of criminals would not attempt it.