Darknet as a shopping mall: How cybercriminals cash in

Drugs, weapons, serious crime: the darknet is rightly regarded as an international hub for illegal activities. Hackers and cybercriminals are also increasingly using the digital black market as a buying and selling platform. This is the conclusion of security manufacturer ESET, which has scoured the darknet for current trends "Malware in itself is a lucrative business," says security specialist Thomas Uhlemann. "But now criminals are cashing in doubly by selling or renting out the successful tools after their attacks." Even inexperienced criminals are able to carry out dangerous attacks.

Malware with full service

Selling malicious code of all kinds is nothing new on the Darknet. With complete full-service offerings ranging from malware distribution and illegal infrastructure leasing to financial processing, no hacker's wish remains unfulfilled. Ultimately, the "customer" only has to decide what level of service he can afford. Even for those on a tight budget, there are enough opportunities to enter the market as a micro-criminal. "The days are definitely over when teenage pranks threatened the Internet. Cybercrime is a highly organized business - with service, marketing, advertising and detailed operating instructions, many gangs operate more professionally than many a legal business," says Uhlemann. Behind them are large international mafia-like gangs that have successfully made the transition from the analog world to the darknet.

Ransomware serves as an ideal example of this. A wide range of ransomware packages is available on the Darknet as if it were selling legitimate software. Updates, technical support, access to C&C servers and a range of payment options are just some of the features offered. Everything is possible, from a simple one-time purchase to a subscription. For example, "Ranion" offers subscription plans at different prices and durations. They start at 120 US dollars for just one month and end in an annual subscription for 900 US dollars per year - the luxury package costs 1,900 US dollars.

Rent infrastructure instead of buying

For malware distribution, criminals inevitably need servers to get the business rolling. Of course, they can also be rented - from criminals who certainly haven't asked the rightful owner for permission. There are several services on the darknet that deliver login credentials to servers all over the world via Remote Desktop Protocol (RDP). Prices are in the moderate range of 8-15 US dollars per server. User-friendly, the offered servers can be filtered by country, operating system and even payment sites accessed by users from that server. Nothing then stands in the way of sending ransomware or malware such as banking Trojans and spyware.

Denial-of-service attacks are also on offer. The price of these varies depending on how long the attack is to last (between one and 24 hours) and how much traffic the botnet can generate during that time. A three-hour attack is available from some providers for $60.

Oldie but Goldie: Sale of PayPal and credit card accounts

Cybercriminals who have already carried out successful phishing attacks usually do not take the risk of using the stolen accounts themselves. It is profitable enough and much safer for them to resell the accounts to other criminals. For this service, they usually charge about 10% of the total available balance in the stolen account. On top of that, some sellers like to show the tools and fake websites they use to conduct their phishing activities. "Due to the extensive anonymization and payment via Bitcoin, law enforcement agencies have a hard time arresting cybercriminals," balances ESET's Thomas Uhlemann. "In plain language, this means that because of the new possibilities, we expect to see more and more digital gangsters and even more attacks. Because the incentive to drive a Porsche without having to work, and to hardly get caught, attracts them.

Source: ESET