The cyber crime underground mirrors legitimate, big businesses and the way they operate, based on regulations, supply and demand - even going as far as customer reviews on their tools and services.
The main difference is that the underground market is anonymous, and access to it is both difficult and strictly controlled. Several sites require users to jump through several verification hoops, and any users viewed as suspicious are removed.
This was one of the findings of cloud security company Armor's Black Market Report, which examines the cyber-criminal underground and takes a look at the popular tools and services attackers are selling, as well as what types of data they find most valuable.
For three months, Armor's Threat Resistance Unit research team compiled and analysed data from the black market to reveal what type of activity hackers are participating in and how underground forums operate in the burgeoning industry.
The research takes a look at pricing models, market rules, customer support and other services within this dark community.
Cybercrime-as-a-service
Wayne Reynolds, VP of security at Armor, says the dark Web is riddled with stolen financial information, personal records and tools for carrying out both small and large-scale attacks. "More surprisingly, threat actors have created a guide for each other at the expense of their victims. Cyber criminals have developed a world where someone's identity can be stolen and their bank account wiped out in an instant."
He says the backbone of the dark market is the tools, tactics and services its sellers peddle. One of the most profitable enterprises for cyber crooks is cybercrime-as-a-service. These services range in price from a few dollars to several hundred, such as distributed denial of service attacks carried out for $10 an hour or $200 per day for spam-for-hire services.
"Remote access to compromised machines can be bought and sold for $13 a month, and exploit kits are rented for prices such as $80 per day, $500 per week or $1 400 per month." Certain sellers have even upped their game to include their own version of customer support for their tools. For an additional fee, they offer updates and troubleshooting, he says.
The dark market is also filled with stolen credit cards and personal data, much in the way retail shops have shelves lined with products, says Reynolds. "Data from customers of major brands such as American Express, Visa and Mastercard is readily available for $10 or less. Additional personal information found in these forums includes social security numbers, bank account information, as well as hotel and airline reward points."
Cyber crime pays
Over and above the malicious tools, criminal services and credit cards on offer, personally identifiable information (PII) and forged documents are available for those trying to illegally move across borders.
"Passports, driver's licences, visas, and a plethora of other PII ranged in price from $40 to $2 000. Compromised social media accounts have value as well - hacked Instagram accounts are sold in bundles, for example, $15 for 2 500 accounts, and up to $60 for 10 000 of them."
"The pricing models and overall barrier to entry for cyber crime are shockingly low," says Reynolds. "However, the potential payout is worth the upfront cost, and the stable nature of the underground market makes the investment worthwhile. Although it's difficult to pinpoint an exact amount, we estimate hundreds of billions to trillions of dollars are exchanged through the black market almost every day."
Lousy quality
Ilia Kolochenko, CEO of Web security company High-Tech Bridge, says there's nothing substantially new in the report, as cybercrime-as-a-service offerings have existed for a while already.
However, he says some additional technical details would be useful. "A WordPress exploit can easily cost a five-figure amount depending on the vulnerability's criticality, exploitability and its public status, such as whether it is zero-day or not. For $100, you will unlikely buy anything of decent value and quality. You might buy a SQL injection for an unpopular plugin."
According to Kolochenko, most of these publicly-traded goods and services are of poor quality. "Backdoors and Trojans are usually based on the same engine, slightly modified or improved. Stolen data is a mix of several dumps from different data breaches or leaks. Many fraudsters sell overt fakes or garbage."
He says professional cyber criminals usually transact via private, well-established channels, disguised as legitimate systems. Moreover, the rise in crypto-currencies has seen money laundering virtually disappear, as cyber criminals can enjoy the fruits of their labours without fear of detection, he concludes.