Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

underground market pricing

Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.

Cybercriminals are vying for Remote Desktop Protocol (RDP) access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing.

During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the disruption,” said researchers — and this has also been reflected on underground markets, where new services like targeted ransomware and advanced SIM swapping are popping up.

“As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces (DWMs),” said researchers in a Friday analysis. “Flashpoint has also observed what can only be described as impressive, shrewd innovation throughout the cybercrime ecosystem.”

2020 Reader Survey: Share Your Feedback to Help Us Improve

Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020. Meanwhile, the price of payment card “dumps” has also inched up from $24.19 in 2019 to average $26.50 in 2020.

Payment Card Costs Soar

While payment cards are sourced from online transactions and include card number, expiration date and cardholder name; dumps are usually sourced from malware-infected or skimmer-infected point-of-sale (PoS) terminals, and include magnetic strip track data.

Credit: Flashpoint

Researchers said that payment-card data pricing varies and is typically influenced by “freshness” (i.e., how recently the data was sourced), country of origin, availability of track 1 and track 2 magnetic strip data and expiration date. 

RDP Server Access in High Demand

Microsoft’s proprietary Remote Desktop Protocol (RDP), used to enable system admins to remotely connect to corporate machines, as well as for server updates, continues to be a cybercriminal favorite.

Credit: Flashpoint

RDP listings continue to grow in popularity throughout the cybercriminal ecosystem, said researchers. A successful RDP attack is lucrative for cybercriminals as it would give them remote access to the target computer with the same permissions, and access to data and folders, that a legitimate user would have.

On underground marketplaces in 2020, researchers found that RDP access pricing varies – global admin access costs $10, while hacked RDP costs $35.

Researchers noted that 2020 listings for RDP server access are less specialized, and cater to a broader audience. This can include packages that typically provide multiple RDP access options in one bundle.

“This can cover country-specific access, bank account or government ID information, among other options to execute or manage the access,” they said.


Meanwhile, DDoS-for-hire pricing appears to be on the rise since 2017, said researchers. DDoS-for-hire, known as “booter” services, make it easy to carry out DDoS attacks, flooding targets with internet traffic to overwhelm a site or IP address and eventually knock it offline.

While in 2017 researchers rarely saw standard DDoS-for-hire offerings exceed $27, in 2020 a 10-minute DDoS attack (60 Gbps) costs $45, while a four-hour DDoS attack (15 Gbps) averages $55. Meanwhile, a fully-managed DDoS attack costs $165. Researchers said, this price increase is likely due to several contributing factors.

Credit: Flashpoint

“First, taking down bigger websites must be custom-crafted due to improvements in DDoS protection offerings and widespread use of content distribution networks (CDNs), which are beyond the skills of all but the most advanced bot herders,” they said. “However, there are still instances where threat actors can successfully target larger websites, such as the takedown of Wikipedia via a DDoS attack in September 2019.”

DDoS-for-hire services that charge hourly rates are also becoming increasingly popular, they said.

“While booters…remain prevalent, the need for more hands-on support and customization make subscription service options more appealing to buyers,” said researchers.

Researchers also tracked listings for an array of other services. These include bank logs and routing numbers (ranging from $25 for a U.S. bank log with a $100 balance, to $55 for a U.S. bank log with a $4,000 balance). Researchers also looked at pricing for “fullz,” which are full packages of personal identifiable information (PII) on individuals, mainly used for identity-fraud schemes (ranging from $4 to $10, with Fullz including financial information being more expensive).

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World , sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!

Suggested articles