Prices have been rising in the last two years for longstanding tools available on the Dark Web to help bad actors commit cyber attacks and fraud, alongside newer innovations that are emerging to bolster crimes like ransomware and SIM swapping, new research has found.
Keeping track of these trends in dark-web markets for the tools and data cybercriminals depend on to commit nefarious acts can be a key indicator of where the next attacks will occur, according to a new Flashpoint report, “Pricing Analysis from Goods in the Cybercrime Communities.”
“Tracking pricing trends within illicit marketplaces is an important barometer that can inform decision makers about threats and the risk they present to private-sector organizations, public-sector agencies, and law enforcement,” Ian Gray, director of analysis and research at Flashpoint, wrote in a Tuesday blog post.
Gray, who also wrote the report, said that an understanding of how prices and demand for tools fluctuate in the market not only provides insight into new developments within the cyber-crime landscape, but also can help dictate response efforts.
Overall, the report shows that while some cybercriminal tools remain fairly consistently priced and reflect the value of the crimes they facilitate, other pricing is wildly disparate and seems to follow no particular trend.
“Prices can vary drastically across the [dark web], and the reasons for the discrepancies remain largely unexplained,” Gray wrote.
That said, the report saw “modest price bumps” for personal information about individuals available on the Dark Web, such as passports, payment card data, bank logs and “fullz,” which is slang for a full packet of someone’s personal information that a cybercriminal can use to commit fraud.
Fullz in particular remain a popular item on these illicit markets because they allow a bad actor to steal and profit from someone else’s identity, Gray wrote. A fullz generally includes a victim’s name, Social Security number, date of birth, relevant account numbers and additional information.
The range for a basic package of info is typically between $4 and $10, which is a slight price increase since 2017, according to Flashpoint. Cybercriminals also can purchase a more robust package of info that includes a victim’s financial information for a higher price, in the range of $30 to $65, researchers found.
Passports also remain a “crown jewel” for cyber criminals on dark-web markets, but actual physical passports—which are priced the highest—are hard to come by, researchers found. Most of the passports available to cyber criminals on the Dark Web come in the form of a scanned copy where the vendor sends the buyer a digital scan of the passport with their information inserted, or a template for a U.S. passport where the buyer is free to input their own information, according to the report.
Other services that are slightly more expensive than they were two years ago are DDoS-for-hire and remote desktop protocol (RDP) access to hacked servers or tools, the report found. Exploit kits that provide code for taking advantage of vulnerabilities also showed an uptick in price, researchers found.
Pricing for DDoS-for-hire services in particular “has noticeably gone up,” most likely because content-distribution networks and high-value websites also have bolstered their protections against these attacks, Gray wrote.
In 2017, the pricing for a DDoS botnet, a network of infected machines used by botnet operators to carry out attacks, was $27 at the highest end of the price range. The current report found prices for these attacks between $1 and $100, depending on bandwidth and duration.