Dark web marketplaces sale a plethora of tools, stolen data and fake documents, and some of the things for sale are more expensive than others.
The most expensive discs announced
If we focus only on financial, identification and access data, the black market serves as an emporium for credit cards, bank account information, credentials that can be used to access businesses through their VPNs and other means. The dark web also contains victims’ personal details, including national insurance numbers, passports and driver’s license details.
The Spider Labs team discovered remote access credentials are the most expensive records sold on the dark web. Indeed, programs and applications such as RDP, SSH, FTP, VPN or VNC allow hackers to access a corporate network remotely.
This is no surprise, as access enables threat actors to wreak massive havoc in an organization, stealing money, corporate espionage, computer theft, seeding malware and the deployment of ransomware.
Bank details are also among the items that will fetch the highest price on the dark web. The price per account ranges from $100 to $3,000, and the price is directly related to the amount of money accessible through the account.
The purchase bank account information allows the buyer to access online, as well as the account entry and routing number, as well as information about the owner’s name and signature, telephone number and billing address. The owner’s IP address as well as the operating system used to access the account may also be included in the purchase. With this information, criminals could visit a financial institution and withdraw cash in person, but typically the information is used for digital access to an account.
Different types of payment cards have different prices, which depend on the credit limit. Obviously, the higher the limit, the higher the price of the card. Credit cards are also one of the most expensive items advertised on forums. Another factor that influences the pricing of stolen credit cards is the bank’s reputation for detecting fraud and its proactiveness in blocking illegitimate card use. Credit cards from banks that quickly block illegitimate use will be sold at a lower price.
In addition to different types of credit cards, hackers also offer the so-called “fullz”. This includes additional personal information about the victim – their name, address, social security number, etc. – in one package. This helps the buyer to use the stolen credentials effectively.
Why are data thieves selling disks on the dark web instead of using them themselves?
With bank details at their disposal, it’s natural to wonder why sellers don’t use them themselves. The simplest answer is convenience: threat actors often sell credit card and driver’s license information in bulk, helping them avoid the time and hassle of using these assets, while still making a financial gain.
Also, malware gangs usually divide their activities into different business roles. There are a few threat actors who seek information, some implement cyberattacks, others sell stolen data or extract user information, while some only focus on using data to get money. If a cybergang doesn’t know how to use the information it has stolen, it will sell it to someone who does.
Criminals often sell credit card information in bulk, which helps them grow their business and maximize their revenue. Additionally, investigations revealed that in many cases, buyers do not get first-hand hacked data, but receive data that has already been sold to others. This could lead to conflicts if the data is no longer viable or has been used before. Some organized crime groups offer refund policies for data that turns out to be unusable.
Cybercriminals could misuse the individual’s data to further gain access to their employer. For example, SpiderLabs finds advertisements on the dark web requesting access to a corporate network. Threat authors sometimes mention the industry they want to target, but the price of access is usually determined by company revenue. Our researchers found one ad on the dark web asking for $5,000 for access to a corporate network while another priced $2,500 for VPN credentials from a Korean company with a turnover of estimated at $7 billion.
Additionally, criminal gangs have a well-structured pricing model in place before selling information on the dark web. They analyze the profits their customers can make and decide the selling price of their items accordingly.
The price of bank details or credit card details depends on the country where the stolen information comes from. For example, there are different categories of credit cards (Classic, Gold, Corporate, World, Platinum, etc.) and they are sold between $30 and $140 in the United States but at a slightly lower price in Europe and Asia. .
Many criminal gangs sell similar products on the dark web. So what do the different gangs need to stay ahead of their competition?
Creativity is essential for criminal gangs
It is essential to understand that most of these gangs make their living by stealing information and reselling it on the dark web. Cyber defenders try to learn from previous cyberattacks and analyze how threat actors might think about taking effective measures to protect their businesses.
Cybercriminals must therefore be extremely creative. They must also update, adapt and modify their strategies to penetrate the perimeter of an organization. These gangs are very technical and always find new ways to infiltrate an organization.
For them, adapting to new strategies is all about profit, and it’s surprising to see the endless level of originality and sophistication as they constantly search for new ways to break through.
Organizations therefore need to work harder to understand how they can stay ahead of and defend against these attacks. Gone are the days of organizations prioritizing prevention, now they need to focus on how they can reduce the impact in the event of a cyberattack.
Minimize the hit of a cyberattack
Network segmentation and regular anomaly checking will help an organization by limiting access to its network.
A company whose employees have a basic cybersecurity knowledge can help recognize malicious content and help prevent an attack. Having a basic knowledge of enterprise-wide cyber threats is imperative for an organization to have a strong security posture and therefore a company’s culture must embrace a healthy level of cyber literacy. .
Organizations must also take a risk-based approach. This will enable them to identify, prioritize and manage security controls aligned with a company’s risk management framework. This will help an organization recognize high-level, high-risk information to help the business implement necessary measures to minimize the impact of a cyberattack.
A company must recognize who is responsible for certain information and associated security controls. This will help a company establish clear governance processes that will allow managers to understand where security controls should be applied. A strong cybersecurity strategy is necessary to reduce the impact that a cyberattack can have on an organization.
Criminals can buy and sell any type of information on the dark web. The underground economy has developed a well-defined price structure, providing a boon for cyber attackers when potential returns are taken into account.
Organizations and individuals must remain vigilant and well trained to spot suspicious content, which will in turn protect them from any form of fraud. With the ever-increasing pace and precision at which threat actors plan their attacks, it has become necessary for organizations to not only stay informed, but also be prepared for any type of cyberattack.