A new report from Dell SecureWorks into underground hacker markets has found that the underground economy is booming and many cyber criminals are selling their services with all the slickness of legitimate companies, offering 100% guarantees on stolen data and professing “excellent customer service”.
- Hackers can be hired to attack websites for between $100 and $200 a day, a drop in price compared to last year’s range of $100 to $300.
- A DDoS attack will cost $60 to $90 per day.
- Doxing – a hacker being hired to gain all the information they can about a target – will cost between $25 and $100.
Malware for sale
- Remote access Trojans (RATs) will cost you between $20 and $50, a significant drop in price since last year, when they would have set you back between $50 and $250.
- Crypters can be yours from $50 to $150.
- Exploit packs such as Nuclear and Sweet Orange can be hired from $50 a day.
As well as hacking organizations themselves, hackers are being paid to teach others how to hack and commit fraud. Tutorial topics span from “Basic Carding” to “How to do ATM Hacks and Get Much More Money than you Withdraw”. Individual tutorials can cost as little as $1.
Stolen card information
2014 saw large-scale attacks hit numerous high-profile companies (see our monthly round-up for the latest information), and millions of card details stolen. The underground market has been inundated with card information as a result and the value of stolen credit cards has, understandably, dropped since last year’s survey. Buying in bulk is cheaper still: one hacker offered premium credit cards (platinum, gold, black, prestige, etc.) for $10 each when bought by the thousand.
- ‘Fullz’ – a full dossier of personally identifiable information that can be used to commit identity theft and fraud, including name, address, social security number and utility bill for identification – can be yours for as little as $350.
- If you need a counterfeit passport, it’ll cost between $200 and $500.
- A new driver’s license will be between $100 and $150.
As the criminal market makes it easier and easier to commit cybercrime, organizations need to establish adequate and fitting responses to the increasing risks they face. Failure to do so can result in regulatory fines, reputational damage and potential litigation. Sony, for example, is being sued by some of its employees over its recent data breach.
First, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is essential for all organizations that store, transmit or process cardholder data.
Second, organizations that want to protect themselves from data theft should implement an information security management system (ISMS), as described in the international standard ISO 27001.
ISO 27001 sets out the best-practice requirements of an ISMS, “a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives”.
An ISMS helps you coordinate all of your security efforts (both electronic and physical) coherently, consistently and cost-effectively.