Light Dark
March 26, 2018 By Shane Schick 2 min read

Would-be cybercriminals only need $10 to send distributed denial-of-service (DDoS) attacks that could cripple an organization, according to a recent research report.

Security firm Armor provided an in-depth examination of the emerging cybercrime-as-a-service sector in “The Black Market Report: A Look Inside the Dark Web.” Instead of trying to steal data or cause damage for their own purposes, the report found, some threat actors are now offering their services on demand.

Cybercriminals For Hire

For this study, Armor monitored underground forums and markets during the fourth quarter of 2017. The report suggested that cybercriminals for hire take their work very seriously, whether it’s packaging script kiddies into affordable bundles, tutoring customers on how to make the best use of their tools or offering after-sale support.

While an hour-long DDoS attack only costs $10, a day-long attack might cost $200, the report found. Cybercriminals also offer three month’s use of a remote desktop protocol (RDP) to break into an individual victim’s machine for $35, while more sophisticated exploit kits such as Disdain range from $500 a week to $1,400 a month. Not surprisingly, banking Trojans were among the priciest weapons, available for $3,000 at the low end and $5,000 at the high end.

Criminals aren’t just selling ways to steal data, however. They’re also making credit card details and bank card information available for purchase, with Visa and Mastercard data going for as little as $7. Again, prices go up as the information becomes more detailed and personally identifiable. In fact, some fraudsters will charge an additional $15 to verify a bank information number (BIN).

Cybercrime-as-a-Service Lowers the Barrier to Entry

As cybercrime-as-a-service becomes more pervasive, many threat actors are increasingly trying to show that they are as easy to work with as they are powerful. Security firm Proofpoint recently reported that one such service, BlackTDS, runs malvertising and other spam campaigns on behalf of customers who don’t have their own server or the necessary technical background.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 19, 2024

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature