Inside the Big Business Of Cyber Crime

Uploaded on 2018-04-05 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analysed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry.

Just as big businesses operate based on regulations, the laws of supply and demand, and even customer reviews, so does the black market.

However, unlike the legitimate economy, the underground market is highly anonymised and can be difficult to access, with some sites requiring rounds of verification and removing users deemed suspicious.

“There’s no question that the Dark Web is filled with stolen financial information, personal records and tools for carrying out small- and large-scale attacks,” said Wayne Reynolds, vice president of security, Armor.

“More surprisingly, threat actors have created a guide for each other at the expense of their victims. Cyber-criminals have developed a world where someone’s identity can be stolen and their bank account wiped out in an instant.”

Cyber-Crime-as-a-Service

Similarly, the backbone of this industry is the tools, tactics and services made available. Researchers found one of the most profitable means of generating income is cybercrime-as-a-service. These flexibly-priced services range from DDoS attacks for $10/hour or $200/day to spam for-hire-services.

Remote access to compromised machines can be bought and sold for $13 a month, and exploits kits are rented for prices such as $80/day, $500/week or $1,400/month.

Some sellers even offer their own version of customer support for their wares in the form of updates and troubleshooting for an additional price.

Everything available for Sale

The cyber underground is riddled with stolen credit cards and personal data the way retail stores have shelves lined with products. Data from customers of major brands such as American Express, Visa and Master Card is readily available for $10 or less.

Additional personal information found in these forums includes social security numbers, bank account information, as well as hotel and airline reward points.

But there is more than just malware, hacking services and credit cards for sale. Personally identifiable information (PII) and forged documents are up for sale to those trying to move across borders without detection.

A Canadian passport and Ontario driver’s license was being offered for $1,000 for example. Meanwhile, passports, driver’s licenses, Visas, social security numbers and a slew of other PII ranged from $40 – $2,000 depending on the item or items being sold.

Even compromised social media accounts have value as well, hacked Instagram accounts were seen being sold in bundles, such as $15 for 2,500 accounts and up to $60 for 10,000 accounts.

“The pricing models and overall barrier to entry for cybercrime is shockingly low,” said Reynolds. “However, the potential payout is worth the upfront cost, and the stable nature of underground market makes the investment worthwhile.

Although it’s difficult to pinpoint an exact amount, we estimate hundreds of billions to trillions of dollars are exchanged through the black market almost every day. It’s imperative that individuals and legitimate businesses secure their environments and keep up with the evolving cyber landscape.”

Help Net Security

You Might Also Read: 

Cybercime Against UK Business Is Up 63%:

 

« Snowden Says Social Media Is Surveillance 'Rebranded'
The Cambridge Analytica Case Is A Red Herring »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including Advanced Technologies, Health, Learning and IT & Cyber Solutions.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

Northern Computer

Northern Computer

Northern Computer provides comprehensive IT solutions that streamline your operations and help you achieve your business goals.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.