Cyber criminals who aren’t savvy or skilled enough to create their own malware need look no further than the Dark Web. Up for sale on underground storefronts and forums are many of the tools any attacker needs to mount their own malicious campaign.
Though some of these tools are pricey, others can be had at relatively bargain basement prices. A report released Saturday by Privacy Affairs looks at the average prices for different types of malware.
For its “Dark Web Price Index 2020,” Privacy Affairs scanned an array of Dark Web marketplaces, forums, and websites to devise an index of average prices for a range of products. The site looked at different types of content, including malicious tools, Distributed Denial of Service (DDoS) campaigns, personal data, stolen account credentials, and forged documents.
- TikTok removed nearly 90 million videos globally in the second half of 2020In total, from July 1 to December 31 last year, … Read More
- Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyMastercard and MTN announced a strategic partnership to enable millions of consumers in … Read More
- Using lessons learnt in 2020 to combat the security threats in 20212020 saw a boom in cyberattacks with cybercriminals taking advantage … Read More
For malware, Privacy Affairs examined malicious tools installed on operating systems such as Windows and Android designed to give attackers access to the system. These tools are often installed via fake online casinos, social networks such as Facebook, and warez websites that offer pirated or copyrighted software.
In some cases, these malicious tools may be used to steal your credentials for a certain website; in other cases, they can use your computer for cryptocurrency and other activities. Privacy Affairs categorized these tools based on their quality, success rate, target region, and number of installs. All of the tools listed by the site are designed for 1,000 installs.
At the low end of the list, malware tools aimed at a global audience sell on average for as little as GHC4200. However, this particular batch is sold as low quality, slow speed, and a low success rate. Further up the line, a set of tools that target the US with medium quality and a 70% success rate goes for GHC54,000 on average.
Scaling higher, a set considered high quality aimed at Canada sells for GHC9000, while a high-quality batch aimed at the UK goes for GHC12,000. Tools aimed at Europe that are deemed high quality but aged sell for GHC8,400, while another set that targets Europe and is considered high quality but promoted as fresh sells for GHC13,800. Finally, at the high end is a set of premium malware tools that go for GHC36,000.
For its research, Privacy Affairs also analyzed DDoS campaigns. As listed for sale on the Dark Web, these types of attacks can help anyone easily take down a website by flooding it with more requests than it can handle.
- TikTok removed nearly 90 million videos globally in the second half of 2020In total, from July 1 to December 31 last year, the company said it removed … Read More
- Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyMastercard and MTN announced a strategic partnership to enable millions of consumers in 16 countries across Africa to … Read More
- Using lessons learnt in 2020 to combat the security threats in 20212020 saw a boom in cyberattacks with cybercriminals taking advantage of the coronavirus pandemic and … Read More
- Cybercrime and the pandemic – Read Now!A new report from BlackBerry shows that as our digital habits have changed over the past year … Read More
- Here is why enterprise security isn’t just an IT problemThey say a chain is only as strong as its weakest link; when it comes … Read More
In this area, a product designed to overwhelm an unprotected website with 10,000-50,000 requests per second for one hour sells for just GHC60. The same type of attack that lasts for a whole week goes for GHC2400, while one that runs for a month sells for GHC4800. A DDoS campaign aimed at a premium protected website with multiple elite proxies deploying 20,000-50,000 requests per second for 24 hours can be had for just GHC1,200.
Of course, the Dark Web being a shady underground, many of the sellers are scammers themselves, so the actual, verified prices are tough to determine without actually ordering a product. Buyers may not necessarily get a product at the advertised price, or they may not get a product at all in return for their money.
Beyond malware tools and DDoS campaigns, the Dark Web is brimming with stolen and hacked account credentials, personal financial data, forged documents, and counterfeit money, among other content. To protect your own accounts from theft, compromise, and identity fraud, Privacy Affairs offers the following advice:
- When answering your phone, make sure to never give sensitive information (such as your SSN, your debit card number, passwords) to anyone regardless of whether this is a requirement for some process. If it’s that important, do it in person.
- Whenever you visit an ATM, make sure the card reader doesn’t have a skimmer. Skimmers read a card before it’s inserted into an ATM, providing a criminal with a clone of your card’s magnetic strip. Skimmers are often made to imitate the material around the ports, but they’re delicately mounted so they’ll move when pressed with a small amount of pressure. Press around the sides of the card port and see if anything feels loose. Check for glue around the edges or tape. If you see any glue material, stay away from that ATM and call the bank. Similarly, if you have difficulty putting your card into the machine, stop trying and stay away from it.
- Check an ATM’s keypad by slightly lifting around its edges. Fake keypads are sometimes placed over the legitimate one to record your PIN. They’re often very loosely mounted. If it jiggles around a bit, or you notice the keypad is off-center, avoid using it.
- Check often for malware on your computer to ensure that your data isn’t being recorded as you input it. Use an anti-malware tool and make sure it’s set to automatically update.
- Avoid public or unsecured Wi-Fi. If you must log into an account on a network you don’t trust 100%, use a VPN to encrypt all communications. Even bank websites can be forged to be almost undetectable if an attacker has administrative access to the network you’re using.
- Delete accounts you don’t think you’ll use anymore. Old accounts can be compromised, and this leads to problems in the future. This is especially an issue if you use the same password for multiple accounts.
- Never use the same password for multiple accounts. This is the easiest way for an attacker to gain access. When a major list of account details is dumped on the Dark Web, your own details can be checked against other services such as email or banking.
- Use a password manager, and you’ll always have strong security for all your accounts but need remember only one master password.
source/reference: TechRepublic: Lance Whitney