Research conducted by Positive Technologies suggests that cybercrime markets on the Dark Web are thriving. Demand for malware, in particular, is around three times the supply.
Researchers analysed over 10,000 hack-for-hire and malware-related postings on 25 Dark Web market sites totalling around three million users. The analysis found that the demand for criminal malware products is growing at an alarming rate.
Experts from Positive Technologies examined the “completeness” of Dark Web offerings to establish whether advertised tools and services would be enough for a real attack. Additionally, they examined the falling barrier to entry, where they found that cybercriminals are no longer required deep technical knowledge and are capable of any type of attack given sufficient funding.
The low cost of cybercrime across the Dark Web is now enabling a new breed of cybercriminal, according to the research. It found that compromising a site and gaining full control over a web application may cost as little as £120. A targeted attack on a specific organisation can cost more than £3,400 depending on the difficulty of the task.
The most expensive software researchers examined was malware for ATM logic attacks, with prices starting at a bargain price of £1,135.
Dark Web Malware Demand
Currently, the demand for malware creation on the Dark Web exceeds the supply by three times, while demand for malware distribution is twice the supply. Both statistics point toward an alarming growth in popularity for malware, which has caused a number of high profile cybersecurity incidents in 2018 so far.
The current state of supply and demand is forcing criminals to consider new tools, creating a more readily-available supply chain of partner programmes that include “malware-as-a-service” and malware distribution-for-hire.
Hack-for-hire requests are becoming increasingly common, according to researchers. The majority of which involve finding site vulnerabilities (36%) and obtaining email passwords (32%).
From sellers, the most commonly-offered services focus on the hacking of social media accounts (33%) and email (33%). These numbers, Positive Technologies claims, are due to the growing interest in accessing and reading correspondence.
The leading type of malware available on the Dark Web was cryptominers, accounting for 20% of the total. Cryptomining malware has surged in popularity in the past 18-months, with high profile security breaches taking place in the UK.
In February, cryptomining malware took advantage of UK Government websites, including the Information Commissioner’s Office site. In all, more than 4,000 sites worldwide were believed to have been affected by this, which used the victim’s devices to generate cryptocurrency, Monero.
Hacking utilities (19%), botnet malware (14%), Remote Access Trojans (RATs) (12%) and ransomware (12%) have all seen a marked increase in popularity on Dark Web markets.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, said: “This research shows a burgeoning and evolving Dark Web market for cybercrime. As a consequence, approaches to cyber incident investigations have to adapt accordingly.
“It is important to take these findings into account when analyzing the techniques and tactics used for any particular incident. To have a deep understanding of attacker toolkits, defenders have to study the trends and tools found on the Dark Web before they show up on client systems.
“Perhaps Dark Web intelligence will even involve enabling preventive action, as increasing purchases of certain types of illegal software or services can indicate pending attacks.”