Cybercrime , Fraud Management & Cybercrime , ID Fraud

Cybercrime Tool Prices Continue to Rise on Darknet Sites

Payment Card and Passport Data Are Most Sought-After Commodities, Report Finds
Cybercrime Tool Prices Continue to Rise on Darknet Sites

Over the last two years, prices for various cybercriminal and hacking tools have continued to rise on so-called darknet sites as attacks, such as ransomware, have grown more sophisticated, according to research published this week by security firm Flashpoint.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

In one example, the researchers noticed that the price of a distributed denial of service botnet ranged from $1 to $100 across various forums. This is an increase from two years ago, when the high-end prices for these botnets stood at about $27, depending on the bandwidth and duration of the attack, the report shows.

At the same time, payment card and passport data remain a sought-after commodity for criminals on these various underground forums, the research shows.

For example, Flashpoint researchers found that the price for so-called full identity packets - "fullz" - ranged from $4 to $10, a slight increase from when Flashpoint analysts conducted similar research in 2017. Fullz is a stack of information that includes details such as a person's name, social security number, date of birth, account numbers, which can then be used by fraudsters to commit identity theft and other cybercrimes, the study notes.

The report does note, however, that prices can vary dramatically across different forums, especially if cybercriminals are looking for something specific, such as a victim with a high credit score.

"Fullz with a credit score of 700 or higher are typically priced at $40," the report states. "In our previous survey, actors were soliciting $60 typically for credit scores of 700 or higher, while 800 or better were priced at $80."

Passports in Demand

At that same time, the report notes that passport data also remain a significant commodity on darknet sites, and that physical passports are the so-called "holy grail" of these forums since they are difficult to produce and extremely valuable to those committing identification theft and financial fraud.

The study notes that physical passports with additional forged documents to substantiate the passport's validity are being sold for $1,000 or more on various underground forums.

In most cases, passports are likely not used to create fake travel documents, but used instead to open up bank accounts and commit other types of financial crimes, says Ian Gray, director of Americas research and analysis at Flashpoint, who wrote the report.

"[Passports are] likely being used to create an identification document that can be used to verify name, nationality, or location when attempting to open a bank account for bank loan fraud," Gray tell Information Security Media Group. "These documents may not need to be shown in person when opening accounts, so a template or scan may be acceptable. However, it is unclear how effective these documents could be in attempting to open bank accounts and bypass [Know Your Customer] standards."

Prices May Vary

While prices for various cybercrime tools and stolen data have increased on average over the last two years, this trend is not universal across these various underground forums, which are typically only accessible through the anonymizing Tor network.

For instance, the price of exploit kits continued to stay stagnant between 2017 and 2019 as other tools and techniques have become more popular. In most cases, hackers are not buying but renting these kits either by the day, week or month, the report found.

The report found that exploit kit renting prices range from $80 to $100 per day.

At the same time, Remote Desktop Protocol access remains in demand on the darknet with prices ranging anywhere from $26 to $350 for access to a hacked service, the report shows. Recently, however, prices have fluctuated due to the take down of the Russian language cybercrime marketplace and forum xDedic Marketplace by an international police investigation (see: Stolen RDP Credentials Live On After xDedic Takedown).

In addition, on May 3, the FBI along with Europol took down dark web marketplace portals Wall Street Market and Silkkitie, which was also known as Valhalla Marketplace These types of law enforcement actions can cause even more prices to change (see: Darknet Disruption: 'Wall Street Market' Closed for Business).

"Several large marketplaces have either shut down, or been shuttered by law enforcement," Gray says. "The vendors may choose to keep price low in order to attract new buyers that may otherwise be deterred by the threat of law enforcement."

Thriving Underground

The Flashpoint report give credence to similar reports that have found thriving underground marketplaces for various hacking and cybercriminal tools despite increasing attention from law enforcement.

And while prices might be increasing, security researchers say most malicious tools and stolen data remain relatively inexpensive for those motivated to find them on the darknet.

In September, cloud security vendor Armor released its own report that found an array of offerings on these underground forums that included access credentials for bank checking and savings accounts, full identity packets, distributed denial-of-service and spamming services, stolen medical records, as well as remote desktop protocol credentials for as-yet-unhacked Windows servers.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.