Threat Management, Incident Response, TDR

Black market tactics mirror those of legit business

Given all the nefarious activity on the internet today, it comes as no surprise that online underground markets are booming, but a new study shows that the black market has adopted many traits of the legitimate marketplace, including offering hacker tutorials and 100 percent satisfaction guarantees.

In the Hacker Markets Report 2014, researchers at Dell SecureWorks Counter Threat Unit (CTU) found that hackers took “a cue from legitimate business” and “figured out that not only could they make money performing services, but they could make a little extra money teaching others.”

CTU Director of Malware Research Joe Stewart expressed surprise at that finding in a Monday email correspondence with “What surprised [us] this year is not only the jump in the number of hackers selling payment cards and other stolen credentials, but the big increase in the number of hackers going the extra mile to make sure they are providing their clients with excellent customer service and live, high-value credit cards and other data,”said Stewart. With so many “vendors” of stolen information “jumping into the game” sellers were forced “to adjust their business model, just like any legitimate business must do when the competition gets fierce.”

As a result, the Dell SecureWorks researchers found that promises like “'100% Satisfaction Guarantees' or ‘Your Product will be Replaced' and ‘Price Cuts and Freebies for Repeat Customers and Large Purchases' is definitely one of the new trends,” he added.

Manual tutorials sell for around $30 while, the report noted, “individual training tutorials can run as low as $1.”

Stewart and fellow researcher SecureWorks Network Analyst David Shear called out another significant trend. The number of hackers selling premium cards rose, though the report noted that increase was not surprising given the number of breaches reported in 2014 and the resultant flood of compromised credit and debit cards. Platinum and Gold MasterCards with Track I and Track II data are currently selling for about $35 each, the researchers found, while Premium Visas cost $23.

Of course, malware is on tap and plentiful in 2014, though prices have dropped significantly—the going rate for remote access trojans (RATs) is $20-$50 while last year's prices ranged from $50-$250.

The biggest difference between 2013 and 2014, the researchers found, was the sheer volume of counterfeit documents used to perpetuate fraud such as social security cards, new identity kits, and utility bills as well as passports and driver's licenses.

Stewart called that another another surprising discovery. You name it, you can buy it: Social Security cards, passports and driver's licenses to your specifications and new identity kits with corresponding utility bills,” he said. That boost in the sale of counterfeit credentials is likely an attempt” to help criminals commit more in-person fraud and to also assist their buyers in getting past additional security protocols being implemented by merchants taking payment cards, such as presenting identification when using a credit card in person,” Stewart said. 

He recommended a layered approach to safeguarding information, including using firewalls around web applications, continuous monitoring, gathering and updating intelligence on threats, encrypting email, backing up data and educating employees to recognize threats.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.