Dark Web Markets for Stolen Data See Banner Sales

credential stuffing cyberattack

Report reveals a booming business for Dark Web vendors selling everything from emails to hacked crypto accounts.

Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs.

That leaves these thriving dirty data dealers in a familiar predicament — they need to lock down their growing businesses for added privacy and security.

“As predicted, there is much more volume being sold now compared to last year, with fake-ID and credit-card vendors reporting sales in the several thousands,” the report said. “Not only quantity, but the variety of items to purchase has grown as well, such as hacked crypto accounts and web services like Uber accounts.”

Brandon Hoffman with Netenrich explained to Threatpost that he expects these Dark Web marketplaces to continue to look more like their legit counterparts.

“The parallels between Dark Web markets and standard consumer markets continue to grow,” Hoffman said. “As can be seen in this report the market on the Dark Web is starting to follow standard economics. If there is a huge influx in inventory, the price goes down as long as demand remains somewhat steady. If there is a set of inventory with strong demand but the product is deemed to be of higher quality there is premium on that product.”

A private database of 122,000 U.S. dentists will run about $50 on the Dark Web, while credit card details for an account with a balance up to $5,000 costs about $240, according to the report, which scoured hundreds of vendors selling stolen data.

What is Stolen Data Worth?

While the going rate for some types of data, like PayPal credentials, have dropped because they have become so common, the value of cloned credit cards and personal information about the cardholder shot up, the report found.

An example of stolen data listings online. Click to enlarge. Source: Privacy Affairs.

“The price increase is most likely due to a combination of factors, like the increasing risks of attaining the information, the increasing benefit for buyers to use the information, the increased quality/accuracy of the card data, or just good ol’ inflation,” The report said.

Last year, the price of a cloned Mastercard with PIN was about $15, the report said. This year, it’s $25, with comparable rise in rates across cloned credit cards. Hacked cards from the U.S. with CVV data included are the cheapest, at around $17, because there’s a high supply. Israeli cards are the most valuable, fetching $65 each.

The rise in this area of the business has inspired vendors to adopt more traditional sales techniques, like an 80 percent guarantee on the stolen data, meaning only two out of every 10 cards will either fail or have less than the expected available balance, the report explained.

Hacked Crypto Accounts Bring Big Bucks

The rise of cryptocurrency has made hacked crypto accounts hugely valuable in these Dark Web marketplaces, the report said. “Due to the skyrocketing prices of Bitcoin and other cryptocurrencies, hacked accounts may hold large sums of coin-based currency and cash, protected by relaxed security measures after the initial verification process.”

The average price for a hacked Coinbase-verified account is $610, the Dark Web Price Index said.

Social-media credentials lost value over the past year, thanks in large part to the implementation of multi-factor authentication (MFA), forcing potential threat actors to use time-consuming social-engineering tactics instead, the report found.

Services like video streaming, Uber and even FedEx accounts are up for sale in these marketplaces too. You can score a hacked Uber driver account for $14 or a one-year Netflix account for $44.

Physical forged documents are by far the most valuable, followed by document scans and even counterfeit money, which is popular on these Dark Web marketplaces, some of which are sold with a guarantee to pass the UV pen test used at many retailers, the report said. The most valuable forged document according to the Dark Web Pricing index was a Maltese passport, which costs about $6,500.

 Malware and DDoS Attacks

Researchers also looked at malware and distributed denial-of-service (DDoS) attacks for sale on the Dark Web.

“This increase in ransomware attacks are not only from criminal organizations; those with limited resources and technical abilities can also initiate less sophisticated ransomware attacks that can prove quite lucrative,” Kristina Balaam with Lookout explained to Threatpost by email. “Now, we have more individuals attempting to compromise users. They rely on the Dark Web to purchase the products that allow them to accomplish this.”

The added that demand, along with the rise in ransomware payments, is contributing to its price, Balaam added.

“With an increasing demand in malware products, malware authors can increase their unit prices and cybercriminals hoping to take advantage of our new online lifestyles are willing to pay,” Balaam said. “We’re seeing this reflected in the increasing malware prices in this report.”

Dark Web Marketplaces Need Security

With the volume and value of stolen data growing by leaps and bounds, it was only a matter of time before everyone else caught on, including the cops and other cybercriminals.

“In an effort to mitigate detection and tracking by law enforcement, the Dark Web is moving towards increased security on all ends,” according to the report. “The markets have abandoned Bitcoin (BTC) as it is not secure, and vendors are demanding buyers to use Monero as payment and communicate only through PGP encryption.” Pretty Good Privacy (PGP) is an encryption system dating to 1991 that’s used for both sending encrypted emails and encrypting sensitive files.

This year marks a real milestone in these marketplaces coming of age, Austin Merritt, an analyst with Digital Shadows, told Threatpost.

“This past year has been an incredibly unique time for Dark Web marketplaces, since overall supply and demand have increased with novel cybercriminal opportunities made possible by the chaos of COVID-19,” Merritt said. “Outside of market conditions, law-enforcement seizures of marketplaces, forum closures and increased competition among sellers have also added to the unpredictable nature of the landscape.”

End users are likewise encouraged to harden their security stance against cybercriminals with smart security like anti-malware tools, password hygiene and being aware of skimmers. But Privacy Affairs stressed that understanding the value of the personal data people use every day might help them think twice about their everyday practices.

“Since most of us do not spend our time shopping in these marketplaces, the most important takeaway from this research is an insight into how valuable personal data can be,” Merritt said. “It also serves as a reminder for individuals to adopt multi-factor authentication when available, monitor account activity, and critically evaluate inbound emails, texts and phone calls from suspicious sources.”

Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community:

Suggested articles