Cyber attack software products for sale
17th January 2019
Cyber crime software products for sale
Many cyber crimes are executed by inexperienced criminals who purchase cyber attack software products and services from third party suppliers operating on the Dark Web. The availability of low-cost software tools and services is a key factor in the explosive growth in the number and success rate of current cyber exploits. They have also been shown to lower the ‘cybercrime entry threshold’ by simplifying the process, reducing the cost and making detection even more difficult.
Cost and availability of cyber crime services
The Positive Technologies, ‘The Criminal Cyberservices Market’ report provides a fascinating insight into the nature, cost and availability of essential hacker tools. The report details the results of a survey of the services of 25 of the most popular shadow trading platforms hosted on the Dark Web. These platforms have a combined total of more than three million registered users. 10,000 product and services adverts which were displayed over a period of 6 months were reviewed. Inaccurate or obviously fraudulent scams were excluded from the research activity. The minimum and an average cost of various tools were estimated together with supply-demand ratios. The technical capability of the services to deliver a full-scale cyberattack were also evaluated.
Low-cost highly targeted cyber attack
The diagram above shows common types of attacks and their minimum cost in US dollars. A targeted attack against an organisation, depending on its complexity, can start from $4,500, including hiring an expert hacker, leasing infrastructure, and purchasing the relevant tools. Hacking a site and gaining full control of a web application can cost as little as $150. Prices for targeted hacking of sites started from around $1,000.
Positive Technologies show that crypto mining software, hacking utilities, botnet malware, remote access Trojans (RAT), and ransomware Trojans are widely available in the shadow cyberservices market. The highest demand is typically for malware development and distribution. The market offers more than 50 different categories of goods and services, which together can be used to organise any attack.
What is the Dark Web?
The Dark Web is part of the World Wide Web that is only accessible by means of special software that allows users to remain anonymous or untraceable. Information on the Dark Web remains invisible to search engines such as Google and Yahoo and is usually viewed by an anonymizing browser called Tor. The Dark Web itself is not illegal but criminals use this resource to setup shadow trading platforms that sell illegal products or services which are illegal when executed.
Types of products and services
- Malware (ransomware, miners)
- Exploits (both known and zero-day vulnerabilities)
- Data (personal, accounting, payment)
- Access (web shells, passwords for sites or servers)
Stolen data and personal credentials
Stolen personal data is used by cyber criminals to execute additional (and profitable) cyber attacks or is sold to the highest bidder on the Dark Web. The US Department of Justice evidence used to prosecute the Ukrainian, Ruslan Yeliseyev, demonstrated that he trafficked the data from 62,000 stolen credit cards on Dark Web private chat rooms.
Data bought and sold on the shadow market can be divided into the following categories:
- Logins and passwords for various Internet services (social networks, online banks)
- Credit card information
- Personal data of individuals
- Financial statements and registration documents of companies
Positive Technologies found that user credentials accounted for 59%, credit card details for 24% and company documents for 17% of the total of data they found for sale.
Dark web Monitoring is recommended as a key element of an effective cyber security programme. A growing number of software vendors including RepKnight, Alien Vault and Rapid 7 are now offering solutions which include continual data searches, real-time alerting and watermarking.
I am pleased to confirm that Dark Web Monitoring has now been added to the Wizard Cyber CYBERSHIELD MDR-COMPLETE service package. Delivered using the Rapid 7 insightVM and insightIDR applications, it offers Dark Web data collection and real-time reporting on a 24/7 basis.