A new report by HP Wolf Security, HP’s cyber division, reveals that cybercriminals’ dark net markets rely on dispute resolution services, escrow payments, guarantees and “license to sell” worth up to $3,000 to secure transactions “fairness”
The report presents the infrastructures according to which the trade is carried out, which include methods and services known from the world of legitimate online retail. In addition, the report shows that cybercriminals use “plug and play” malware that makes it easier to carry out the attacks.
Only last June, an attempted attack by malicious software was detected in Israel by sending an email that allegedly came from the Israel Postal Service to the email address. This AsyncRAT type of malicious software is actually a Trojan horse with remote access that can monitor and control the infected computer, which includes various data collection and disposal functions .
The researchers studied for three months the trading markets on the dark web in cooperation with the organization Forensic Pathways, one of the world’s leaders in the field of legal innovation. During the research, over 35 million markets and forums of cybercriminals were analyzed in order to understand how they operate, gain trust and build their image.
The main findings
Malware is cheap and readily available – over three-quarters (76%) of malware advertisements and 91% of exploits (a piece of software that exploits a security hole through code that gives attackers control over systems), retail for less than $10.
The average cost of acquiring passwords for compromised Remote Desktop Protocol privileges is only $5.
Only 2-3 percent of players in the dark web are advanced programmers – vendors sell bundled products with plug-and-play malware kits, malware-as-a-service, training and mentoring services that reduce the need for technical skills and experience Complex and targeted attacks.
77% of markets require a vendor bond and license to sell with prices reaching up to $3,000. 85% of markets use trust funds. 92% of markets offer a third-party dispute resolution service for cybercriminals.
Each marketplace provides vendor feedback scores – cybercriminals try to stay one step ahead of law enforcement by transferring reputation between sites – this is because the average lifespan of a Dark Net Tor site is only 55 days.
Cybercriminals focus on finding gaps in the software that will allow them to gain a foothold and take over the systems, by accurately locating known weaknesses in popular software such as the Windows operating system, Microsoft Office, various management systems, web content, web servers and mail.
Malware kits that exploit vulnerabilities in niche systems command the highest prices (typically between $1,000-$4,000). According to HP’s cyber experts. Zero Days vulnerabilities (those not yet known to the public) sell for about 10 thousand dollars on the dark web markets.
Report author Alex Holland, senior malware analyst at HP Inc.: “It has never been easier to be a cybercriminal. In the past, complex attacks required serious skills, knowledge and resources. Today, the technology and training are available for the price of individual liters of fuel.
“Ransomware has created a new ecosystem of cybercriminals that rewards small players with a share of the profits. This is how a production line of cybercriminals is created who launch attacks that are very difficult to defend against, and put all of our organizations in the crosshairs.”