A Quick Tour in the Web Black Market


Black markets are places on the web where it is possible to acquire or rent “malicious” services and products. These markets are growing fast and are becoming very popular in the criminal underground. Among the most commercialized products offered in the black markets is users’ personal information, but what is its value for cyber criminals?
 
Once the various types of personal information have been selected, the application shows the potential markets where the data could be sold and the related price.

A report published by the RAND Corporation titled “Market for Cybercrime Tools and Stolen Data” provided useful information on the products and services available in the principal underground markets. The report was created by researching the markets and interviewing experts in the IT security industry, and the following table lists the principal goods and services exchanged on the black market.

What is important to note is that in recent years access to the market has grown, because many people, even if they are not technically skilled, can buy ready-made services or goods to start their activities as a “lamer”. The report also notes that:
“Markets tend to make activities more efficient, whether such activities are laudable or criminal (or, at least, subterranean). The world of hacking can be seen as a market: Buyers seek the best price; sellers ply their wares or skills to make the most profit. This scenario is subject to typical market forces, with prices rising when demand is high and falling when it is low. Over time, good products squeeze out bad ones, and high-quality brands can command premium prices. Mergers and acquisitions occur, and deals get made between market participants who know and trust each other.”

In the last 10 years the market has started to be organized and guided by the exchange of products and services between groups and individuals (diagram above).

The RAND report reveals that the money is closer to those who have technical ability, such as zero-day researchers or malware writers. These individuals write or analyze malicious code and sell exploits to trigger newly discovered vulnerabilities in principal software.
The report goes on to explain the various channels through which the products and services are commercialized.

The most important requirement for both buyers and sellers is the anonymity of the channel used for the transaction. For this reason, black markets are based on anonymizing networks (e.g. Tor, I2P) and use virtual currencies like Bitcoin to anonymize payments.

Among the most important malicious effects of the black market over the last few years, as indicated in the RAND report, is a case in which data from as many as 40 million credit cards and 70 million user accounts were hijacked; the data appeared within days on black-market sites. Other examples of attacks and their links to underground markets include recent increases in the use of watering-hole attacks, where users visit popular, legitimate, but compromised websites that, when clicked, infect a victim’s computer.

Perhaps the hacker’s market is not “more profitable than the illegal drug trade”, as the RAND report suggests, but it is a big commercial opportunity for a large number of people. Anyone who has a computer can enter the market and start a business. The channels are pretty much secure, and even if you do not look like a new Al Capone, you could, if you want, be a “dark trader” of stolen credit cards or a good broker of new zero-day vulnerabilities.
Security Affairs: http://bit.ly/1JD1NC4
