DallasMarch 20, 2018 –  Proving the life of cybercrime does pay, Armor, today released its Black Market Report, exposing the hacker underground and detailing popular tools and services cybercriminals are peddling, as well as what types of data hold the most value. For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry.

Just as big businesses operate based on regulations, the laws of supply and demand, and even customer reviews, so does the black market. Armor’s research highlights the pricing models, market rules, customer support and other services within this exclusive community of thieves. However, unlike the legitimate economy, the underground market is highly anonymized and can be difficult to access, with some sites requiring rounds of verification and removing users deemed suspicious.

“There’s no question that the Dark Web is filled with stolen financial information, personal records and tools for carrying out small-and-large-scale attacks,” said Wayne Reynolds, vice president of security, Armor. “More surprisingly, threat actors have created a guide for each other at the expense of their victims. Cybercriminals have developed a world where someone’s identity can be stolen and their bank account wiped out in an instant.”

Similarly, the backbone of this industry are the tools, tactics and services made available. Armor TRU researchers found one of the most profitable means of generating income is cybercrime-as-a-service. These flexibly-priced services range from DDoS attacks for $10/hour or $200/day to spam for-hire-services. Remote access to compromised machines can be bought and sold for $13 a month, and exploits kits are rented for prices such as $80/day, $500/week or $1,400/month. Some sellers even offer their own version of customer support for their wares in the form of updates and troubleshooting for an additional price.

The cyber underground is riddled with stolen credit cards and personal data the way retail stores have shelves lined with products. Data from customers of major brands such as American Express, Visa and Master Card is readily available for $10 or less. Additional personal information found in these forums includes social security numbers, bank account information, as well as hotel and airline reward points.

But there is more than just malware, hacking services and credit cards for sale. Personally identifiable information (PII) and forged documents are up for sale to those trying to move across borders without detection. A Canadian passport and Ontario driver’s license was being offered for $1,000 for example. Meanwhile, passports, driver’s licenses, Visas, social security numbers and a slew of other PII ranged from $40 – $2,000 depending on the item or items being sold. Even compromised social media accounts have value as well – hacked Instagram accounts were seen being sold in bundles, such as $15 for 2,500 accounts and up to $60 for 10,000 accounts.
“The pricing models and overall barrier to entry for cybercrime is shockingly low,” said Reynolds. “However, the potential payout is worth the upfront cost, and the stable nature of underground market makes the investment worthwhile. Although it’s difficult to pinpoint an exact amount, we estimate hundreds of billions to trillions of dollars are exchanged through the black market annually. It’s imperative that individuals and legitimate businesses secure their environments and keep up with the evolving cyber landscape.”

For more information on this underground industry and how to protect yourself, you can view Armor’s research, “The Black Market Report,” here.

About Armor  

Armor protects customers’ vital assets and helps prevent data breaches through managed multi-layer security for public and private clouds. The Armor team also applies extensive military cyber security experience for proactive threat detection, response and remediation. Forward-thinking organizations trust Armor for data security and compliance to stay ahead of cyber threats in the cloud. To learn more, visit www.armor.com or follow @armor.

Resource Center

More security resources at your fingertips.

Practical Content for Security, DevOps, & IT Professionals