What Is Sold (and at What Price) on the Black Market Now
Yes, data is sold but so are data-based services, articles of incorporation, and attacks on your competitors.
September 16, 2019
A key part of security efforts is determining the value of information and goods on the black market in order to better gauge the risks for certain types of data. Two reports, one from Armor and another from IntSights, reveal what’s being sold on the black market and for how much in U.S. dollars.
The usual fare sold on the black market consists of the expected bank account credentials, credit card numbers, full identity packets for $40, and DDoS and spamming services. But Armor’s Threat Resistance Unit (TRU) research team took inventory on 12 different dark marketplaces under the Black Market umbrella to see what else was there.
They found some surprises on both English-speaking and Russian-speaking marketplaces. Among the unexpected were a service to erase a foreclosure from your credit report for $150, and another to have your competitor’s website taken offline for $60 an hour. Other surprises, the researchers said, included cash for pennies on the dollar, login credentials for unhacked Windows servers for use with Remote Desktop Protocol (RDP), and articles of incorporation.
Credentials for unhacked Windows RDP servers, a common point of entry for ransomware, start at $20 each. But criminals appear to be rapidly adjusting their business models to increase their earnings. Ryuk ransomware, which aims to steal confidential financial, military, and law enforcement files, is a prime example.
StealthBits’ Jeff Warren
“The most interesting thing to take away from this [Ryuk] malware is the simplicity in the techniques it leverages for identifying sensitive files; unfortunately, these techniques are likely to be highly successful,” said Jeff Warren, general manager of products at STEALTHbits Technologies.
“With nothing more than comparing file names to a list of 77 strings, the malware is able to identify and exfiltrate sensitive information. Without basic protections like encryption on these sensitive files, they are left completely exposed to anybody who is able to exfiltrate them. Moreover, the malware uses basic scanning to identify and mount additional shared folders, so anywhere a user has access is left completely vulnerable to these types of attacks,” Warren added.
Cybercriminals also are selling articles of incorporation and sole proprietorship papers to aid buyers in applying for an Employer Identification Number (EIN) and open a business bank account.
“A business bank account allows a criminal to move larger amounts of money in and out of the account, making it less likely that the bank’s fraud alerts will be triggered,” according to the Armor report.
Further, for a mere $800 in Bitcoin, a buyer can get $10,000 transferred to a bank account of their choice or wired to them via Western Union. This is the stuff of a perfect money-laundering or money-theft scheme.
Armor’s Chris Hinkley
“For those scammers who don’t possess the technical skills and a robust money mule network to monetize online bank account or credit card credentials, this is an offer that can be very attractive,” said Chris Hinkley, head of Armor’s TRU Team.
The threat actors are still selling financial account and credit card credentials outright, Hinkley added, “but this clever service gives them an additional channel for monetizing the large amounts of financial data available on the underground. Plus, they still reduce their risk because ultimately, they are not taking possession of the stolen funds.”
The IntSights research team focused more on the Black Market value of digital browser identities, which can consist of …
… any number of digital fingerprints including IP address, OS information, time zone and user behavior. Genesis and Richlogs are two top dark marketplaces specializing in the digital fingerprints trade, according to the IntSights report.
Prices are based on the amount of login data a digital browser identity file contains.
“A user who has only a couple of sites in the cache will be sold for a few dollars. A user with dozens of sites can be sold for about $200-$250,” according to the report.
IntSights’ Ariel Ainhoren
“The level of intrusion into a victim’s life that digital identities provide is alarming. It’s not just credit cards, bank accounts or PII at stake. Digital identities offer threat actors the ability to almost completely take over someone’s online browsing identity. This includes everything from accessing expenses, to tracking daily travel routes, to seeing tax information. The bigger the victim’s digital footprint, the more they can be impersonated by a threat actor,” said Ariel Ainhoren, head of research at IntSights.
“Digital identities, as they are sold on Richlogs and Genesis, offer the whole digital fingerprint of an individual on a plate, providing endless opportunities for fraud, scams, theft and access to the victim’s personal life,” Ainhoren added.
Digital identity theft is a driver for biometrics as a defense. But even that data has been subject to hacks and has already become an additional element in digital identity theft.
“Companies that collect any data bear a responsibility to protect it; however, we’re breaking new ground for the ethical, legal and financial responsibility of organizations that do not effectively protect biometrics. Imagine if the Capital One or Equifax data breach included biometric data, how could most of America change their fingerprint?” said Humberto Gauna, information security consultant at BTB Security.
Read more about:
MSPsAbout the Author
You May Also Like