A new report from Intel Security has shone a light on the shadowy world of Dark Web cybercrime markets, where everything from £1 Netflix accounts to critical infrastructure access is available.
The security giant’s McAfee Labs division revealed a cyber-criminal underground which mimics the real world—with sellers offering guarantees on stolen cards, and 'disreputable' members of illegal forums named and shamed.
Stolen credit and debit cards start at just $5 in the US, while online video streaming services are even cheaper, beginning at only $0.55.
Payment card info is there in abundance, with the basic package including account number, CV2 and expiry date. Prices then rise for additional information such as bank account ID number, date of birth, and billing address, which allows the cyber-criminal to conduct more types of fraud.
Other data bought and sold on such sites included bank log-ins, payment service account details and even loyalty card info, Intel Security claimed.
Hackers are even selling the means to launch cyber-attacks on large corporations or critical infrastructure systems.
The firm’s EMEA CTO, Raj Samani, argued that these underground markets are extremely volatile, with the recent spate of data breaches having precipitated a huge decrease in prices.
“When a breach occurs, stolen card credentials flood the market and prices can plummet. One recent breach resulted in details for over 100 million cards being stolen and overnight prices tumbled,” he told Infosecurity.
“However, the breadth of information being stolen goes far beyond payment cards. Almost everything that you can imagine is being sold. In such an enormous marketplace, sellers are also undercutting each other to try to ensure that their stolen data gets buyers’ attention.”
Far from being hidden away on anonymization platforms like Tor, many of these markets are easy to find, Samani added.
“A few seconds of digging using a standard search engine reveals that the majority of this data is not hidden away,” he claimed.
Nevertheless, businesses, should get more proactive in investing in advanced intelligence tools to scour both surface and dark web for signs of stolen data.
“You can’t work to protect and retrieve information if you don’t know it has been stolen,” Samani argued. “Any measure to protect valuable corporate information falling into the wrong hands is a step in the right direction.”