The Dark Web Uncovered

2D7B266700000578-3276190-The_report_found_a_value_hierarchy_in_how_this_stolen_data_is_pa-a-7_1445014741932.jpg

The report found a 'value hierarchy' in how this stolen data is packaged, priced

A new report from Intel Security has shone a light on the shadowy world of Dark Web cybercrime markets, where everything from £1 Netflix accounts to critical infrastructure access is available.

The security giant’s McAfee Labs division revealed a cyber-criminal underground, which mimics the real world—with sellers offering guarantees on stolen cards, and 'disreputable' members of illegal forums named and shamed. Stolen credit and debit cards start at just $5 in the US, while online video streaming services are even cheaper, beginning at only $0.55.

Payment card info is there in abundance, with the basic package including account number, CV2 and expiry date. Prices then rise for additional information such as bank account ID number, date of birth, and billing address, which allows the cyber-criminal to conduct more types of fraud.

Other data bought and sold on such sites included bank log-ins, payment service account details and even loyalty card info, Intel Security claimed.

Hackers are even selling the means to launch cyber-attacks on large corporations or critical infrastructure systems. The firm’s EMEA CTO, Raj Samani, argued that these underground markets are extremely volatile, with the recent spate of data breaches having precipitated a huge decrease in prices.
“When a breach occurs, stolen card credentials flood the market and prices can plummet. One recent breach resulted in details for over 100 million cards being stolen and overnight prices tumbled,” he told Infosecurity.
“However, the breadth of information being stolen goes far beyond payment cards. Almost everything that you can imagine is being sold. In such an enormous marketplace, sellers are also undercutting each other to try to ensure that their stolen data gets buyers’ attention.”

Far from being hidden away on anonymisation platforms like Tor, many of these markets are easy to find, Samani added.
“A few seconds of digging using a standard search engine reveals that the majority of this data is not hidden away,” he claimed.

Nevertheless, businesses should get more proactive in investing in advanced intelligence tools to scour both surface and dark web for signs of stolen data.
“You can’t work to protect and retrieve information if you don’t know it has been stolen,” Samani argued. “Any measure to protect valuable corporate information falling into the wrong hands is a step in the right direction.”

Infosecurity: http://bit.ly/1KjRVcZ

 

 

« IBM's Watson Analytics - New Data Discovery
Attract and Retain Great Cyber Security Talent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.