A 34-page report published by Positive Technologies reveals a high demand for malware creation on the dark web: Three times greater than the current supply. The report is based on 25 Russian and English-based dark web sites with around 3 million registered individuals to reveal the most-popular malware in use today, the cost of attack services, and more.
“Such utilities are becoming increasingly available as a result of partner programs, malware leasing, and as-a-service distribution models,” the firm states. “This trend is not only causing a rise in the number of cyber-incidents, but seriously hindering investigative efforts to properly attribute attacks.”
What is the dark web? Of all the internet pages available on the web, only four percent are indexed in search engines. The remaining “hidden” pages fall into the “deep web” consisting of private forums, databases and other resources both legal and illegal. It’s this illegal portion that falls under the dark web banner: A place you should never, ever visit without full protection.
On the dark web you’ll find the “shadow market,” a place where illegal products and services are sold. Most of what you’ll find on this market can be split into four categories: Malware (ransomware, miners), Exploits (known, zero-day), Data (credit cards, banking), and Access (user credentials).
Currently, the most widely used malware is the cryptominer, which seizes PCs and mines digital coins for hackers. In second place are hacking utilities followed by botnet malware, Remote Access Trojans, and ransomware. The remaining 55 percent deals with creation and distribution.
On the pricing front, the most expensive “service” can cost more than $4,500 for attacking an organization, depending on the difficulty. Malware designed for attacking ATM machines has a starting cost of $1,500 while compromising a website to gain full control can cost a mere $150. But that’s just a sample: Any type of attack is possible if you have the funds, such as a DDoS attack for around $50 per day.
According to the report, the most requested hack-for-hire request is finding vulnerabilities followed by accessing email accounts. Social network account and email hacks are at the top of the commonly offered services list, as these attacks are supposedly the easiest to perform.
The report also notes the prison time you’ll receive for hacks and attacks. For instance, hacking the accounts of U.S. government officials will land you a five-year prison sentence while conducting a DDoS attack requires a minimum of one year in prison. If you want a long-term stay, managing a shadow service will place you behind bars for 35 years.
Positive Technologies ultimately points out that the fight against cybercriminals is only getting harder. Just in the first quarter of 2018 alone, the number of hacker-related incidents was up 32 percent versus the same quarter in 2017. The fact that the demand for new hacking tools is greater than the current supply is alarming enough.
A good way to protect yourself is to routinely change passwords, use two-factor authentication, biometrics, and/or use physical USB-based security keys.