For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry.
Just as big businesses operate based on regulations, the laws of supply and demand, and even customer reviews, so does the black market. However, unlike the legitimate economy, the underground market is highly anonymized and can be difficult to access, with some sites requiring rounds of verification and removing users deemed suspicious.
“There’s no question that the Dark Web is filled with stolen financial information, personal records and tools for carrying out small- and large-scale attacks,” said Wayne Reynolds, vice president of security, Armor. “More surprisingly, threat actors have created a guide for each other at the expense of their victims. Cybercriminals have developed a world where someone’s identity can be stolen and their bank account wiped out in an instant.”
Similarly, the backbone of this industry is the tools, tactics and services made available. Researchers found one of the most profitable means of generating income is cybercrime-as-a-service. These flexibly-priced services range from DDoS attacks for $10/hour or $200/day to spam for-hire-services.
Remote access to compromised machines can be bought and sold for $13 a month, and exploits kits are rented for prices such as $80/day, $500/week or $1,400/month. Some sellers even offer their own version of customer support for their wares in the form of updates and troubleshooting for an additional price.
Everything available for sale
The cyber underground is riddled with stolen credit cards and personal data the way retail stores have shelves lined with products. Data from customers of major brands such as American Express, Visa and Master Card is readily available for $10 or less. Additional personal information found in these forums includes social security numbers, bank account information, as well as hotel and airline reward points.
But there is more than just malware, hacking services and credit cards for sale. Personally identifiable information (PII) and forged documents are up for sale to those trying to move across borders without detection. A Canadian passport and Ontario driver’s license was being offered for $1,000 for example. Meanwhile, passports, driver’s licenses, Visas, social security numbers and a slew of other PII ranged from $40 – $2,000 depending on the item or items being sold. Even compromised social media accounts have value as well – hacked Instagram accounts were seen being sold in bundles, such as $15 for 2,500 accounts and up to $60 for 10,000 accounts.
“The pricing models and overall barrier to entry for cybercrime is shockingly low,” said Reynolds. “However, the potential payout is worth the upfront cost, and the stable nature of underground market makes the investment worthwhile. Although it’s difficult to pinpoint an exact amount, we estimate hundreds of billions to trillions of dollars are exchanged through the black market almost every day. It’s imperative that individuals and legitimate businesses secure their environments and keep up with the evolving cyber landscape.”