The Dark Web Uncovered

2D7B266700000578-3276190-The_report_found_a_value_hierarchy_in_how_this_stolen_data_is_pa-a-7_1445014741932.jpg

The report found a 'value hierarchy' in how this stolen data is packaged, priced

A new report from Intel Security has shone a light on the shadowy world of Dark Web cybercrime markets, where everything from £1 Netflix accounts to critical infrastructure access is available.

The security giant’s McAfee Labs division revealed a cyber-criminal underground, which mimics the real world—with sellers offering guarantees on stolen cards, and 'disreputable' members of illegal forums named and shamed. Stolen credit and debit cards start at just $5 in the US, while online video streaming services are even cheaper, beginning at only $0.55.

Payment card info is there in abundance, with the basic package including account number, CV2 and expiry date. Prices then rise for additional information such as bank account ID number, date of birth, and billing address, which allows the cyber-criminal to conduct more types of fraud.

Other data bought and sold on such sites included bank log-ins, payment service account details and even loyalty card info, Intel Security claimed.

Hackers are even selling the means to launch cyber-attacks on large corporations or critical infrastructure systems. The firm’s EMEA CTO, Raj Samani, argued that these underground markets are extremely volatile, with the recent spate of data breaches having precipitated a huge decrease in prices.
“When a breach occurs, stolen card credentials flood the market and prices can plummet. One recent breach resulted in details for over 100 million cards being stolen and overnight prices tumbled,” he told Infosecurity.
“However, the breadth of information being stolen goes far beyond payment cards. Almost everything that you can imagine is being sold. In such an enormous marketplace, sellers are also undercutting each other to try to ensure that their stolen data gets buyers’ attention.”

Far from being hidden away on anonymisation platforms like Tor, many of these markets are easy to find, Samani added.
“A few seconds of digging using a standard search engine reveals that the majority of this data is not hidden away,” he claimed.

Nevertheless, businesses should get more proactive in investing in advanced intelligence tools to scour both surface and dark web for signs of stolen data.
“You can’t work to protect and retrieve information if you don’t know it has been stolen,” Samani argued. “Any measure to protect valuable corporate information falling into the wrong hands is a step in the right direction.”

Infosecurity: http://bit.ly/1KjRVcZ

 

 

« IBM's Watson Analytics - New Data Discovery
Attract and Retain Great Cyber Security Talent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Ballistic Ventures

Ballistic Ventures

Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

CovertSwarm

CovertSwarm

Since 2020 CovertSwarm have been radically redefining how enterprise security risks are discovered. We outpace the cyber threats faced by our clients using a constant cyber attack methodology.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.