Skip to content

Illustration by Security Management

A Look at the Cyber Criminal Marketplace

The dark web houses the equivalent of a cyber criminal candy store, and it remains open for business through the global COVID-19 pandemic. Cybersecurity firm Armor just released its annual examination of trends in the seedy underbelly of the Internet, finding that prices remain largely steady or have fallen slightly for some products while the offerings continue to evolve.

“Today, the underground economy, comprised of stolen credentials, malicious software, bullet-proof hosting, tools for financial fraud, and more, continues to grow across hundreds of dark web markets, some claiming to have as many as 1 million monthly visitors" according to 2020 Dark Market Report: The New Economy. "These markets are key drivers in the adoption of cryptocurrency and encrypted messaging—technologies with enormous potential that also challenge our notions of money and privacy.”

Front and center in the report is a two-page price list. Want a cloned ATM card? You’ll pay based on the balance in the account: $300 to $450 for a balance of $5,000; $850 - $1,000 for a balance of $15,000. Need to pick up some ransomware? The market for what the report labels “various generic ransomware” is $1.99 to $6.50. Looking to hire someone to launch a denial-of-service attack on a medium-sized website? Be prepared to shell out the hefty sum of $250.

The report noted two categories in particular in which prices fell compared to the 2019 report. Remote Desktop Protocol (RDP) service enables users to log into office computers from remote locations and allows IT staff to access staff computers. A criminal hacker tool searches for open, internet-facing servers running an RDP service and uses “a brute force, password spray attack” to try to obtain working credentials. The cost of RDP credentials fell as much as 25 percent, from $20 to $24 in 2019 to $16 to $25 in 2020—and the report noted a marked increase in the number of sellers. An article from ZDNet posits that the price reduction may be directly relatable to an increase in remote work due to the COVID-19 pandemic.

The other category seeing a price drop is good old credit card data. This year, prices ranged from $70 to $110 for U.S. cards, falling nearly as much as 20 percent from last year. In Europe, the lowest prices found fell 25 percent, from $120 to $90. The report speculates that the pandemic may be behind this price decline as well, a result of the worldwide economic decline.

Here are two trends the Armor researchers uncovered that you can learn more about in the report:

Ransomware evolves: Late last year, criminals started copying organizational data before encrypting it, giving them additional leverage by threatening to release the data. As if on cue, a headline in yesterday’s Wall Street Journal reads: “Hacker Releases Information on Las Vegas-Area Students After Officials Don’t Pay Ransom.”

Hacker accountability: As the marketplaces evolve, so does the supporting infrastructure. Journalism focused on cyber crime and hackers has emerged, discussing tools and techniques complete with profiles and rankings of hackers and their wares. Banner and text-based ads are, of course, available. There are also exchanges with ratings and validators built into the exchange.

And because I just cannot not write about it, here are two more trends in the report that capture the bizarro nature of hacking and cyber crime:

Compromising ethics: One ethic the report describes is that in some regions, hackers did not sell information that compromised citizens of that region. Russian hackers act this way, as do Ukrainian hackers. The researchers found a marked increase in the violation of this ethic, speculating that the economic decline might be fueling it.

Pizza theft: Criminals are trying to profit off loyalty rewards programs, including those for pizza orders. A medium, two-topping pizza is worth 60 Domino's points in its loyalty rewards program. A hacked Domino’s Pizza account with 60 to 120 points goes for $1.99, according to the report.

October is Cybersecurity Awareness Month, and ASIS has pulled together resources to aid security professionals in this important area. The page includes links to a series of webinars throughout the month, beginning with a free webinar on 1 October on “Cybersecurity: High-end Resources on a Low Budget.”