Shining a light on the dark web

Dark web marketplaces sell a plethora of tools, stolen data, and forged documents, and some of the things for sale are priced higher than the rest.

dark web selling

The most expensive records advertised

If we only focus on financial, identification and access data, the black market serves as an emporium for credit cards, bank account information, credentials that can be used to access companies through their VPNs and other means. The dark web also houses victims’ personal information, including national insurance numbers, passports, and their driver’s license details.

The SpiderLabs team discovered remote access credentials to be the most expensive records sold on the dark web. This is because programs and applications like RDP, SSH, FTP, VPN, or VNC enable threat actors to gain remote access to an enterprise network.

This doesn’t come as a surprise, because gaining access allows threat actors to do huge damage across an organization, from stealing money, corporate espionage, IT theft, seeding malware and planting ransomware.

Bank account details are also among the items that will fetch the highest price on the dark web. Pricing per account vary from $100 to $3000, and the price is tied directly to the amount of money that can be accessed through the account.

Purchasing bank account information allows the buyer to gain online access, along with the entry to the account and the routing number, as well as information on the owner’s name and signature, phone number and billing address. The owner’s IP address as well as the operating system used to access the account might also be included in the purchase. With that information, criminals could go to a financial institution and withdraw money in person, however generally the information is used for digital access of an account.

Various types of payment cards have different prices, which depend on the credit limit. Obviously, the higher the limit, the higher the price of the card. Credit cards are also one of the more expensive items that are advertised on the forums. Another factor that impacts the pricing of stolen credit cards is the reputation of the bank to detect fraud and how proactive it is in blocking the illegitimate use of cards. The credit cards of banks that block illegitimate use quickly will be sold at a lower price.

Along with different types of credit cards, threat actors also offer what is known as “fullz.” This includes additional personal information on the victim – their name, address, Social Security number, etc. – in one package. This helps the buyer use the stolen credentials effectively.

Why are data thieves selling records on the dark web instead of using them themselves?

With bank account details at their disposal, it’s natural to ask why the sellers aren’t using them themselves. The most straightforward answer is convenience: Threat actors often sell credit cards and driver’s licence information on a wholesale basis, which helps them avoid the time and trouble required to use these assets but still achieving financial gain.

Also, malware gangs typically divide their activities into different business roles. There are a couple of threat actors digging for information, some implementing cyberattacks, some selling stolen data or extracting user information, while some solely focus on using the data to obtain money. If a cyber gang does not know how to use the information that they have stolen, they will sell it to someone who does.

Criminals often sell credit card information in bulk, which helps them scale their business and maximize revenue. Moreover, investigations found that in many cases buyers do not get first-hand hacked data but receive data that has been previously sold to others. This could lead to conflict if the data is no longer viable or has already been used before. Some organized criminal groups offer refund policies for data that turns out to be unusable.

Cybercriminals might abuse the individual’s data to further gain access to their employer. For example, SpiderLabs finds ads on the dark web asking for access to a corporate network. Threat actors sometimes mention the industry they want to target, but the price to gain access is usually determined by the company’s revenue. Our researchers found an ad on the dark web asking $5,000 for access to a corporate network while another priced at $2,500 for VPN credentials of a Korean company with an estimated $7 billion in revenue.

Additionally, criminal gangs have a well-structured pricing model in place before selling any information on the dark web. They analyze how much profit their customers can make and decide the selling price of their items accordingly.

The price of bank details or credit card credentials depends on the country that the stolen information is from. For instance, there are different classes of credit cards (Classic, Gold, Corporate, World, Platinum, etc.) and they are sold between $30 to $140 in the US but for a slightly lower price in Europe and Asia.

Many criminal gangs are selling similar products on the dark web. So, what do different gangs need to keep themselves ahead of their competitors?

Creativity is key for criminal gangs

It is essential to understand that most of these gangs make their living by stealing information and selling it on the dark web. Cyber defenders try to learn from previous cyberattacks and analyze how threat actors might think to take effective measures to protect their enterprises.

Cybercriminals, therefore, need be extremely creative. They also need to update, adapt and modify their strategies to break into an organization’s perimeter. These gangs are highly technical and are always finding new ways to infiltrate an organization.

To them, adapting to newer strategies is all about profit, and it’s surprising to see the never-ending level of originality and sophistication as they constantly look for newer ways to carry out a breach.

Organizations must therefore put in extra effort to understand how they can stay a step ahead and defend themselves from these attacks. Gone are the days when organizations prioritized prevention, they must now focus on how they can reduce the impact should a cyberattack take place.

Minimizing the blow of a cyberattack

Network segmentation and regularly checking for anomalies will help an organization by limiting the access to their network.

A firm with employees that have a basic knowledge of cybersecurity can help recognize malicious content and help prevent an attack. Having a basic company-wide knowledge of cyber threats is imperative for an organization to have a strong security stance and hence a firm’s culture must adopt a healthy level of cyber knowledge.

Organizations must also embrace a risk-based approach. This will allow them to identify, prioritize, and manage security controls that are aligned with the risk management framework of an enterprise. It will help an organization recognize the top-tier high-risk information to help the company implement the necessary measures to minimize the impact of a cyberattack.

An enterprise must recognize who is responsible for certain information and the related security controls. This will help a business establish clear governance processes which will allow managers to understand where security controls need to be enforced. A solid cybersecurity strategy is needed to reduce the impact a cyberattack can have on an organization.


Criminals can buy and sell any kind of information on the dark web. The underground economy has developed a well-defined pricing structure, offering a bargain for cyber- attackers when the potential returns are considered.

Organizations and individuals must stay alert and be well trained in spotting suspicious content, which will in turn protect them from being subjected to any kinds of fraud. With the ever-growing rate and accuracy at which threat actors are planning their attacks, it has become necessary for organizations to not just keep themselves updated but also to be ready to combat any type of cyberattack.

Don't miss