Cyber Crime, What is it worth?

Black market economy

Have you ever wondered what the financial incentive for cyber criminals is? Many experts are reporting a staggering $1 billion was taken in from ransomware alone in 2016 not counting the other options for cyber crime.

For years we have repeatedly seen stories in the media about shadowy criminals making purchases with your credit card online and the onus being put onto the financial institution to identify,block and refund these transactions. Today things have escalated drastically and the black market for information has a broad range of options from online reward point accounts, medical records, auction site accounts and tutorials for new people interested in cyber crime. This escalation also means that the responsibility for online security is shifting to the personal side instead of solely the vendor.

Below are a few examples of the many ways cyber criminals are making money online from your accounts and information. Whether they are taking a website down to stop trade, extorting hospitals with sensitive patient information, auctioning hacking tools and guides for new criminals or just use of your netflix subscription, there is a market for it and it is thriving.

• Bank details

Selling credit card numbers has been a classic source of revenue for cyber criminals. Although the market is starting to lean towards more specific details like medical records for social engineering and fraud purposes, credit card information is still a strong source of revenue.  As can be seen below from a 2016 McAfee report, full card and personal details for a little as $40.

“Everything is available. We see bank-to-bank transfers offered for sale, and the availability of banking login credentials.”

Bank credentials for a specific account to drain funds has a higher value which runs as a percentage of the account balance. Usually around 1% – 5% of the available balance.

• DDoS Rental Services

A DDoS attack will overload a victims website causing it to crash and prevent access until the attack stops. A frozen website can cause an instant halt to sales and have ongoing reputational damage. In 2016, 84% of Australian small and medium businesses are online with that percentage expected to increase in 2017.

The average cost to the victim of a DDoS attack is around $500USD per minute, the mean cost to the attacker is only $66 per attack.  The cost to launch a DDoS attack is so low that the barrier to entry for attackers is practically nil – and that means that any organization can potentially be the target of a DDoS attack. What is a DDoS attack?

Russian DDoS advertisement

• Exploit kits

Exploit kits are designed to be a ready to launch hacking tool, with many different variations available online for the budding cyber criminal to purchase and start causing mischief. One case of a student in Virginia, USA is facing a 10 years prison sentence after creating a key logger tool which records keystrokes and ultimately account information on the victim’s system. The student offered the nefarious tool for sale at $35 USD and sold to around 3,000 people who, in turn, infected over 16,000 victims, the U.S. Attorney’s Office said.

Using those numbers, his personal incentive for the key logger tool was approximately $105,000 USD which is certainly an attractive figure for any would-be cyber criminal.

Ransomware is malicious software which once it has infected a system the software will encrypt important files rendering the operations frozen until the victim pays a ransom usually demanded in bitcoin. Multiple ransomware kits have been found for rent in online marketplaces for as little as $1,000USD a month or $100USD for 48 hours.

Insure your business against cyber crime.

Get a quote today!

• Online rewards programs

Online rewards programs such as account information for airline points have also been found for sale on cyber crime marketplaces. According to the report 300,000 airline points for as low as $90USD which is very concerning after the recent reveal that 90% of airline booking systems are insecure.

“Flight bookings worldwide are managed by the so-called Global Distributed Systems (GDS) that connect travel agencies, online booking websites, airlines and passengers. Amadeus, Sabre, and Travelport, the three largest GDS networks, administer more than 90 percent of the bookings as well as numerous hotel, car, and other travel reservations, according to Security Research Labs (SR Labs), a Berlin-based hacking research collective.”

• Compromised organisation & infrastructure access

Other types of data for sale include access to systems within organizations’ trusted networks. The types of entry vary, from very simple direct access (such as login credentials) to those that require a degree of technical competence to carry out (such as vulnerabilities). We can see the availability of vulnerabilities that allow potential buyers access to bank and airline systems located in Europe, Asia, and the United States.

A recent report by cyber crime expert Idan Aharoni suggests that the types of systems criminals sell access to now include critical infrastructure systems. In his article “SCADA Systems Offered for Sale in the Underground Economy,” Aharoni included one example in which a seller provided a screenshot that appears to be a French hydroelectric generator as evidence that the seller had access.

Stolen enterprise data is also for sale, we have seen sellers offering data stolen from a university.

• Medical Records

One of the fastest growing areas of data theft is the medical industry. Client records have been shown to be extremely valuable in the black market community for a number of reasons. One reason is the level of detail which medical records hold. Most medical records hold sensitive information which financial institutions are not privy to for example full name, age, family history, government ID numbers and other details used for social engineering.

Another reason medical records have increased in value is their extortion value to the holding hospital or medical practitioner. “A breach happens at one of these companies. The hackers go direct to that company and say, ‘I have your data.’ The cost of keeping this a secret is X dollars and the companies make the problems go away that way,” said Greg Virgin, CEO of the security firm RedJack.

• Online Subscription Services

Netflix, HBO, Spotify, etc are just a few of the online subscription services for digital content that are available to purchase for a low as $1 USD. High demand for these accounts can be seen from the widespread listings in the marketplace despite their seemingly low value.

video streaming services are in high demand. Even premium professional sports streaming services can be purchased for $15. We also found other online accounts being sold, including lifetime subscriptions to premium pornography accounts, as well as free referral links to the dark web market Agora.

Insure your business against cyber crime.

Get a quote today!

It is unclear how 2017 will unfold with reports already saying 123456 is still the world’s most popular password but if that is any indicator of the state of personal security, 2017 is going to be a very lucrative year for cyber criminals.