Some cyber criminal tools and services have never been cheaper on the dark Web, reveals research by Trend Micro, which claims the prices for credit card numbers and botnet rentals have plummeted over the past five years.
The whitepaper, ‘Shifts in Underground Markets’ looks at a variety of dark Web marketplaces and underground cyber criminal forums, scrutinising trends and market movements within these selling environments.
Prices for various commodities have fluctuated since Trend Micro’s 2015 reports on the Russian and English underground.
Five years ago, generic botnets started selling at around US$200 in Russian underground forums, but cost only biout US$5 roday. Similarly, US credit cards were sold at US$20 in 2015, but prices start at a mere US$1 in 2020.
“The cost of some services and goods remained relatively stable,” says Trend Micro. “Ransomware has not changed — ransomware-as-service prices still start at US$5. Crypterlocker, which has been around since 2013, continues to demand a high price (around $100). Scanned document services, such as copies of driver’s licenses, passports, and bill statements, still start at US$5 — similar to the prices in 2015.”
Malware as a service
The cost of remote access tools (RATs) didn’t change much, starting at US$2 for malware-as-a-service (MaaS), and the NJRat, which has been around since 2012, is still found in multiple language forums for free. Online account credentials are still priced at around US$1, and the price of spam services has not altered much but is being sent in SMSes rather than e-mails.
A striking trend the company noted, is that accessible MaaS services for RATS, crypters, botnets and ransomware are on the rise, as the MaaS model delivers the full package, including infrastructure, support and updates. “These services are also affordable, with some MaaS offerings starting at around US$20 a month.”
Moreover, Trend says there is virtually no pricing barrier, and no major technical skills are needed for buyers to be able to set up attacks.
Language barriers
The research also highlighted that the cyber criminal underground is not as separated by language as much as it was five years ago.
“We spotted overlapping posts and cross-market advertising in forums of different languages. Russian actors regularly participated in English and Arabic forums, while Spanish actors participated in English forums."
It would also appear that attackers have taken a more global approach, as the research found that advertising in multiple language forums is essential if they wanted to earn more money.
“Still, the cyber criminal underground economy remains diverse, and different markets carry unique goods and services for the country or region to which they cater.”
A false plummet?
However, Ilia Kolochenko, founder & CEO ImmuniWeb, is of a different view.
“I think it’s a false plummet that substantially stems from a rapid proliferation of amateur and unskilled cyber criminals,” says Ilia Kolochenko, founder & CEO ImmuniWeb.
He believes that many young people have been earning a living by doing ad hoc programming and other IT work. “With the pandemic, demand for their services crashed, leaving them without a choice but to join the dark side. Unsurprisingly, their cheap services are often of substandard quality. When dealing with goods such as credit cards you will likely pay for blocked or expired ones or a duplicate that's already been sold to another client in the best-case scenario.”
Kolochenko adds that there are also several temporary fluctuations on the market due to the pandemic. One instance would be a dramatic reduction in card skimming attacks, which in turn would affect supply and demand.
“Most skilled cyber criminals feel very comfortable during the pandemic, enjoying countless new and unprepared victims and an innumerable number of exposed and unprotected devices and infrastructure,” he ends.
Share