The Deep & Dark Web facilitates an expansive and dynamic underground economy shaped by the diverse skills and motivations of a wide range of adversaries. The forums and marketplaces where illicit goods and services are exchanged have come to play an influential role in today’s cyber and physical threat landscape by providing access to the means to carry out various attacks and schemes.
The availability of illicit goods and services on the Deep & Dark Web enables a more efficient and democratised cybercriminal underground where adversaries can pay other actors to fill gaps in their own capabilities.
To provide defenders with enhanced context surrounding the current state of the underground economy, Flashpoint analysts gathered observational research to provide pricing examples for the following goods and services:
- Fullz: These complete sets of personally identifiable information (PII), which are typically used to support a wide variety of fraudulent schemes, are abundant and inexpensive for purchase on the Deep & Dark Web.
- Exploit Kits: Often used to deliver payloads containing ransomware, banking Trojans, and other types of malware, exploit kits have become increasingly popular among less-skilled adversaries seeking to infect multiple users with relative ease.
- DoS-for-Hire: Like exploit kits, the introduction of DDoS-for-hire services to Deep & Dark Web forums has significantly reduced barriers to entry for amateur adversaries keen on waging an attack.
- Remote Desktop Protocol (RDP) Servers: Over the past several years, compromised RDPs have become increasingly popular commodities on the Deep & Dark Web because they can serve as a vector for initial penetration of a targeted network.
- Card Data: Many Deep & Dark Web card shops offer both “cards” and “dumps,” often sourced directly from malware-infected or skimmed point-of-sale (POS) terminals.
- Bank Logs: Access to online bank accounts is typically sold at a price that reflects the bank account’s available balance.
- Passports: Illicit U.S. passports are sold in three formats on Dark Web marketplaces: digital scans, templates, and physical travel documents.
The inner workings of this underground economy continue to shape many of the risks facing organisations today. While the prices of the goods and services exchanged within these forums and marketplaces can be complex, unstable, and laden with unexplained discrepancies, gaining insight into the context surrounding such pricing can and should inform the security and risk strategies of organisations across all sectors.
For a more in-depth look at how these illicit goods and services are priced on the Deep & Dark Web you can download our latest research paper.
Article by Olivia Rowley, Analyst, Flashpoint
Olivia Rowley is an Intelligence Analyst at Flashpoint. She speaks fluent Spanish and specialises in analysing threats emerging from the Spanish-language underground with an emphasis on Latin America.
Prior to Flashpoint, Olivia’s passion for Latin America and the Middle East led her to pursue extensive research on the languages, culture, and political climate of these regions. She has studied abroad in Madrid, Spain and holds a bachelor’s degree in International Relations with a concentration in International Security from Tufts University.