RIO DE JANEIRO, BRAZIL – Stolen data, weapons, drugs and particularly cybercrime services are not only moved via dark channels but are also offered via illegal platforms and relevant forums in the dark realms of the cyber world.
The criminal services on offer are simplifying cyber attacks and are now available at surprisingly low prices, as investigations of illegal marketplaces in Darknet and Deepweb have shown.
According to a report by the Texas web security company Armor, stolen credit card information can change owners for as little as US$15 to US$20; ransomware for carrying out blackmail hacker attacks can be bought for US$225; DDoS attacks to shut down websites and servers are offered for US$60 per hour.
The company has investigated twelve relevant platforms and forums on the underground web.
US$25 for current account access
Complete personal data records, the so-called “fullz” with name, date of birth and address, which can be used for identity theft, can be purchased from US$4 to US$10 according to analysts at cybersecurity specialist Flashpoint. If banking or financial information is also included, up to US$65 is charged.
Criminals are able to buy access data for a current account with a credit limit of €7000 for US$175. A US bank account with a credit limit of US$10,000 only costs US$25. The same applies to forged passport documents.
Illegal trade with access data
The recent hacker attack on user accounts of the video streaming service Disney+, which was launched only a few days ago and subscribed by more than ten million users in the first 24 hours alone, shows that it is even cheaper.
Only a few hours after its launching, criminals hacked accounts and advertised them in forums for US$3 to US$11 according to a study by the American tech magazine ZDNet.
US$1.5 trillion dollar business
Last year, the online security service provider Bromium from Silicon Valley, together with criminologists from the English University of Surrey in England, estimated that the illegal dealings on the web had grown into a huge business.
The security experts believe that in 2018 alone cybercriminals generated worldwide revenues of at least US$1.5 trillion – more than the gross domestic product generated by Spain or Australia, for instance.
According to the study, the flourishing cybercrime business is mainly fueled by the development of “platform crime”, which makes cybercrime as easy as online shopping. In addition to access data, numerous cybercrime tools, services and expertise are profitably distributed via criminal platforms.
Experts, therefore, speak of “cybercrime as a service” on the basis of the Software-as-a-Service business segment.
Cybercrime as a service: Simply engaging hackers
A hacker may be hired in underground forums for around US$200 to carry out a “minor” attack. For the same price, criminals have the option of buying customized spyware. Text message spoofing services for sending fake text messages can be used for US$20 a month.
Malware kits (“exploit kits”, US$200 to US$600) are more expensive, with which poorly skilled developers can create and distribute Malware. The so-called “zero-day iOS exploit kits” for exploiting software vulnerabilities on the day they are detected cost US$ 250,000.
The digital association Bitkom says that leisure hackers have evolved from formerly well-equipped cyber gangs with often very good technological skills. According to a study by the IT Association, the scope and quality of attacks on companies have increased dramatically.
Source: NZZ