The dark web is home to a large hive of shady online marketplaces where people can buy and sell all kinds of products and information. Beyond trading in physical items such as drugs and guns, these marketplaces offer stolen user credentials, credit card data, and hacking tools and templates. But one type of item in great demand is the fraud guide.
Providing tips and tricks on how to hack organizations and scam people, these guides are a hot commodity precisely because they can help even amateurs learn how to become professional cybercriminals. In a report released Thursday, Terbium Labs looks at how fraud guides and other information are bought and sold on the dark web and how this activity impacts organizations and individuals.
Among the array of dark web marketplaces, three were covered in the report: “The Canadian HeadQuarters,” “Empire Market,” and “White House Market.” In its analysis, Terbium Labs found that these stores run very much like legitimate online retailers, such as Amazon and eBay. They offer search capabilities to track down the right product, e-commerce options to make buying easier, and even seller ratings to back up their claims.
Based on the analysis, fraud guides were the hottest product on dark web marketplaces, comprising 49% of the listings. Aimed at anyone from novice to experienced criminal, these guides typically require little or no prior knowledge on the part of the buyer to carry out an attack. Fraud guides can impact organizations by teaching people how to launch phishing attacks, business email compromises, account takeovers, and credential harvesting.
Fraud guides also come cheap. The average cost of a single guide was just $3.88, while a collection of guides was found under a single listing selling for $12.99. The average price across all listings was just $7.80.
Credentials for financial accounts and non-financial accounts are also much in demand on the dark web, collectively making up 20.4% of the listings found by Terbium Labs. These include usernames and passwords for bank and credit card accounts along with those for more general accounts. Selling financial account credentials can be a lucrative business with an average price of $33.16 per record. Though some sell for as little as $5, others go as high as $500.
The theft of account credentials can lead to account takeovers, fraud, and credential harvesting. By taking over an account, a criminal can update shipping addresses, change account passwords, make fraudulent purchases, and even transfer money to other accounts.
Another common item sold on the dark web is personal data, accounting for 15.6% of the listings. Personal data can include names, addresses, phone numbers, email addresses, ZIP codes, and even Social Security numbers. Stolen personal data is used to trigger phishing attacks, business email compromises, and account takeovers in which criminals can impersonate their victims. Like fraud guides, personal data comes cheap on the dark web. The average price for a single personal record was $8.45, but some cost as little as $1.00.
To supplement fraud guides, criminals also sell hacking tools and templates on the dark web. Accounting for 8% of the listings, these tools range from malicious mobile apps that mimic legitimate banking apps to phony HTML templates that help hackers create malicious websites to mimic actual banking sites. These vary in price from $2 to $724, with an average cost of $52.
“We routinely see stolen data for sale on these markets for surprisingly low prices, considering how expensive the consequences of stolen data can be to an organization,” Tyler Carbone, chief strategy officer of Terbium Labs, said in a press release. “The missing piece here is the way criminals buy that data and make use of available knowledge and tools to exploit it. It is incredibly important for organizations to detect and respond to stolen data earlier–when it’s at that ‘raw material’ stage–in order to reduce damage and prevent it from ever being used effectively as an instrument for expensive cybercrime.”