The dark web is a one-stop-shop for anyone looking to buy or sell illicit items including drugs, guns and ammunition, and other outlawed services including fake passports and cybercrime related services. Manipulating the anonymisation techniques, Darknet markets offer thousands of users a more straightforward method to buy and sell everything from credit cards to DDoS attack services.
A new survey by monitoring a plethora of dark web transactions occurred between 2017 and 2019 suggests that how the dark web is actively contributing to the global threat landscape.
The survey observed the most popular cybercrime marketplaces pricing range and pattern to figure out the prevailing trends of the deep and dark web.
Dark web a global threat
The detailed analysis has found out some shocking statistics truth about the money-motivated cybercrime industry is becoming affordable to the wannabe and amateur hackers to execute a massive cyberattack in exchange of a few dollars. For instance, you can buy a legitimate-looking US passport at just $18, or a Sweden citizen passport only at $5, or carry out a lethal DDoS attack by just paying between $1 to $100. The price range varies upon the bandwidth and the duration of the attack.
The wide range of available services can be grouped into four categories of cybercrime: selling compromised PII (Personally Identifiable Information), compromised financial information including bank logs and credit cards, forged nationality related documents and offering Cybercrime-as-a-Service.
DDoS Attack Services
Encouraged by the Software-as-a-Service business models, Cybercriminals are offering DDoS (Distributed Denial of Service) attacks service and bots since long. The price for the DDoS attacks usually varies on the bandwidth and duration of attacks and number of Bots the clients wish to have.
For lodging large scale DDoS attacks against Government and Enterprises, cybercriminals charges a hefty amount, while the price falls for the low scale attacks. The research claims, DDoS attack services are available at $165, while renting an HTTP-based IoT botnet for a day would cost $25. And if anyone wishes to hire a cybercriminal to lodge an attack against a given website, the cost would be around $250 for an attack for 5 hours.
Exploit Kits are widely popular for launching various type of malware, including ransomware attacks. For the uninitiated, Exploit Kits manipulates vulnerable software, including browsers, to spread malware. Using an Exploit Kit usually requires some knowledge of network and coding. But in the dark and deep web, the services can be availed at a daily rental between $80 to $100. The cybercriminals charge around $500-$700 for a week and between $1400-$2000 for a month.
In the cybercrime shop of the dark web, attackers are offering Remote Desktop Protocol (RDP) of various operating systems for remotely connecting to a system or network. The RDP hacks are available for sale for as low as $5 and can go up to $250. The RDP exploits are getting sold based on country, operating system, Admin access, already hacked, carding, and bank drops, to name a few.
CAV and Crypto's Services
The CAV or Counter Anti-Virus service and Cryptor services are another most popular item for sale on the dark web. The service offers you to stay your malware under the radar from any security software, anti-virus engine and firewall.
Credit Cards and passports
The analysts claimed Fulz or Full Package of personal information and fake passports are two most widely available services in the dark web. One set of Fulz offers the Social Security Number (SSN), bank account numbers and other personal details of a person. Fulz can be purchased at as low as $4, while a Fulz with victims financial information costs between $30 to $65.
For a US passport PSD (Photoshop Document) template is available at $18, and a package of driving license, passport and a few other certificates costs $1000. To know more about the detailed analysis, you can download the report from here.