This month Dell SecureWorks released its annual underground hacker markets report. For the past three years, intelligence analysts at Dell SecureWorks have been tracking underground hacking forums and gathering intel. The annual reports provide an interesting insight into the world of cybercrime, and reveal just how little hackers are charging to conduct attacks.
Underground Hacker Markets Report Reveals Wide Range of Corporate Data Being Openly Sold on the Black Market
The underground hacker markets report shows that hackers are selling all types of stolen data, including passports, Social Security cards, driver’s license numbers, bank account details, airline points accounts, and credit card numbers. The latter can be purchased for just $7, while physical Social Security cards are being sold for up to $250.
Hacking services are also being offered cheaply, with the hacking of websites costing around $350, DDoS attacks being sold from $5 per hour to $555 per week, and doxing for under $20. Hacking tutorials are even being offered, with multiple sessions available for under $40.
Cybercriminals wishing to launch their own attacks are being offered a wide range of malware at low prices. Remote Access Trojans (RATs) are being sold at cut-price rates of $5 to $10 each. Crypters are being sold for $80-$440, and the Angler exploit kit is available for between $100 and $135. The hackers are also offering total confidentiality and customer support.
The analysts also discovered whole business dossiers being sold via underground forums. The dossiers include email accounts, bank account numbers, and a range of logins and passwords. Those dossiers are being sold openly for as little as $547. With the type of information contained in the dossiers, criminals could drain bank accounts and even apply for credit in company names.
BEC Scams Have Increased 270% In the Past 3 Years
In the past few years, business email compromise (BEC) scams have increased substantially. According to a recent warning issued by the FBI, between October 2013 and August 2015 BEC attacks increased by 270%.
BEC scams are proving to be extremely lucrative for cybercriminals. Figures from the FBI suggest that $1.2 billion has been lost to BEC scams since October 2013. Mattel recently discovered by accident that criminals had succeeded in pulling off a BEC scam involving a $3 million transfer to hackers in China.
The scam took place at a time when the company was undergoing a corporate change, and it would have been successful had the transfer been made on virtually any other weekend in the year. The fact that the transfer was made on a bank holiday gave Mattel time to stop the transfer going through.
Attacks on this scale may not be pulled off regularly, but they are far from unusual. One of the biggest BEC scam losses was reported recently by The Scoular Co. The Omaha-based company lost $17.2 million to BEC scammers.
Cybercriminals no longer need to personally gain access to corporate email accounts to pull off these scams. For a very small investment, they can buy access to CEO and executive email accounts.
The Dell underground hacker market report indicates cybercriminals can purchase a U.S. corporate email account for around $500, while Gmail, Hotmail and Yahoo accounts can be compromised for around $129.