Armor’s Annual Black Market Report Shows Cybercrime-as-a-Service is on the Rise
It is no secret that crime has moved online. Cybercrime has been identified as one of the biggest risks to society by the World Economic Forum Global Risk Report 2018. One of the primary drivers behind the boom in cybercrime is the ease of availability of hacking tools as well as a rising Crime-as-a-Service industry found on the dark web.
The Black Market Report 2018
Cybersecurity company Armor Defense published its 2018 Black Market report in which it highlights trends in cybercrime that businesses and individual should be aware of to be able to mitigate the potential threats.
Composed by Armor’s Threat Resistance Unit (TRU) research team, the report provides deep insight into the illegal marketplaces where cybercriminals buy and sell tools and information needed to commit a range of cyberattacks to provide a snapshot of the criminal underworld on the dark web where “compromised bank accounts and credit cards are sold and cybercrime-as-a-service is a hot commodity.”
Cybercrime-as-a-Service is a relatively new phenomenon on the dark web and entails services such as DDoS attacks, spammers-for-hire, or renting a botnet for an hourly, daily or a monthly fee.
“This all fits into a general trend where vendors offered services and access as opposed to source code for their malware. Threat actors are increasingly monetizing their wares by leasing access to botnets, exploit kits, hacked accounts or other items that they now want to make a regular income from,” the report states.
Moreover, many vendors have started to offer support and even code upgrades for their customers.
Hacking tools and services can be purchased for as low as $10 and as high as several thousand dollars. Buying a stack of hacked Instagram accounts, for example, will set you back only $10 dollars, a password-stealing software will only cost you around $50, and an Android malware leader is priced at $1,500. For aspiring cybercriminals, hacking tutorials can also be purchased for as little as $5 to $50.
Needless to say, the barriers to entry for cybercrime are extremely low, which is why organizations and individuals alike need to increase their focus on cybersecurity.
Credit Cards, Bank Account Information, and PayPal
Social security numbers, bank account details, and even hotel rewards points can be illegally purchased on dark web marketplaces. The most common staple of stolen information on the dark web, however, is arguably credit card information.
Credit card information is usually stolen using either credit card skimmers or infected PoS terminals and can then be purchased for as little as $7 and as much as $100, depending on the credit card provider and the geography, on the dark web.
Bank account information is another hot commodity on the dark web but is not as cheap to purchase as credit card data. According to Armor’s report, “credit card numbers will always be fixtures of the underground market. The same can be said of ATM cards and bank account information. The bigger the balance, the bigger the payoff for the seller.”
Depending on the bank balance, hacked bank accounts can be purchased for as little as $100 and as much as several thousand dollars for accounts with balances above $20,000.
The same principle applies to PayPal accounts too, which are another favorite for online scammers as there come with less prudent security measures than bank accounts and are, thus, easier to gain access to.
Airline and Hotel Rewards and Social Media Accounts
Perhaps the most surprising revelation of the Black Market Report is that hotel and airline reward points are also being bought and sold on the dark web.
For example, 100,000 airlines from a large U.S. airline can be purchased for a little under $150. Hotel rewards points are even cheaper. Criminals can purchase 150,000 stolen hotel rewards point for less than $140.
Another relatively new commodity being traded on the dark web are social media accounts. “Social media and other seemingly innocuous online accounts have more value than one might think. Compromising these accounts can allow an attacker to assume the victim’s online persona and use the account for spam campaigns, malware distribution and other activity,” the report states.
Aside from being able to purchase bundles of hacked accounts, cybercriminals can also buy account hacking programmes targeted at social media accounts.
How to Protect Your Data
Regardless of whether you are a business, a public sector institution or a private individual, cybercriminals are interested in your personal data as they can sell it for a profit. Hence, it is important to stay aware of trends in cybercrime and deploy practices for securing important data.
Armor recommends for individuals to download anti-virus software, not to click on suspicious links, update software regularly, not to re-use passwords and to be very cautious when accessing important accounts such as online banking or PayPal.
For institutions and businesses, Armor recommends providing cybersecurity training for all employees, encrypt important data, deploy patches for vulnerabilities immediately, monitor cloud usage, and to utilize security technology to keep bad actors at bay.
“Cybercrime remains big business. Even with occasional law enforcement takedowns like the recent effort against the Infraud marketplace, the sophistication of market operators makes the illicit buying and selling of goods on the Web difficult to stop which means big businesses, small organizations and home users alike need to follow security best practices and stay on guard to stay safe,” the Armor report concludes.