Demand for dark web malware exceeds supply
Malware writers have been using a free market model to sell their wares for some time. The success of this approach is clear from new research by Positive Technologies that finds demand for malware creation on the dark web is three times greater than supply.
Demand for malware distribution is twice the supply. This mismatch of supply and demand has led to interest among criminals in new tools, which are becoming more readily available in the form of partner programs that include malware-as-a-service and malware distribution-for-hire.
The analysis included 25 dark web sites, in Russian and English, with a total registered user base of approximately three million people. The researchers looked at the completeness of dark web offerings (whether the advertised tools and services would be enough for a real attack) and the falling barriers to entry.
The costs of cybercrime continue to fall: compromising a site and obtaining full control over a web application may cost a mere $150. A targeted attack on an organization, depending on difficulty, can cost more than $4,500. The most expensive software was malware for ATM logic attacks, with prices starting at $1,500.
The leading type of malware available is cryptominers (20 percent of the total), followed by hacking utilities (19 percent), botnet malware (14 percent), Remote Access Trojans (RATs) (12 percent), and ransomware (12 percent). The majority of malware demand (55 percent) is for creation and distribution.
Most hack-for-hire requests involve finding site vulnerabilities (36 percent) and obtaining email passwords (32 percent). From sellers, the most commonly offered services are hacking social network accounts (33 percent) and email (33 percent).
"This research shows a burgeoning and evolving dark web market for cybercrime," says Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies. "As a consequence, approaches to cyberincident investigations have to adapt accordingly. It is important to take these findings into account when analyzing the techniques and tactics used for any particular incident. To have a deep understanding of attacker toolkits, defenders have to study the trends and tools found on the dark web before they show up on client systems. Perhaps dark web intelligence will even involve enabling preventive action, as increasing purchases of certain types of illegal software or services can indicate pending attacks."
You can find out more in the full report, available from the Positive Technologies site.