Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Researcher relays sticker prices for some of today's hottest hacks
2 Min Read
For that hacker who has everything -- why not get him an exploit this holiday season? Potential criminal offenses are available in all price ranges, from just $7 to more than $50,000.
If you know where to look, online shopping for hackers could be just this easy and affordable, according to researchers at Trend Micro. Through its own unnamed sources, the security vendor recently cracked into a major marketplace for buying and selling online exploits, and earlier today officials shared their findings with Dark Reading.
"It's amazing what's available for sale," says Raimund Genes, CTO of Trend Micro. "We estimate that the malware industry now generates more revenue for criminals than the content security industry generates for vendors and service providers." The latter figure was about $26 billion last year, he says.
This week, Trend Micro got a glimpse at one of the fleeting online marketplaces used by attackers to buy and sell online exploits. Genes emphasized that the prices he saw were the offer prices, and that, unlike eBay, the marketplace did not show whether or not anyone had purchased the exploits at these prices. "Still, it gives you a sense of the relative value and economics of these exploits."
At the high end of the market was a zero-day exploit for Microsoft Vista, which was priced at $50,000. Other zero-day exploits were selling for around $20,000 to $30,000 each. Bots that allow users to self-generate botnets were priced at $5,000 and up.
But exploits aren't just for those with deep pockets. The marketplace also yielded a variety of more affordable holiday gifts, including:
$1,000-$5,000: Customized trojan program, which could be used to steal online account information
$500: Credit card number with PIN
$80-$300: Change of billing data, including account number, billing address, Social Security number, home address, and birth date
$150: Driver's license
$150: Birth certificate
$100: Social Security card
$7-$25: Credit card number with security code and expiration date
$7: Paypal account log-on and password
Online marketplaces such as these pop up periodically, then are quickly disassembled and moved to avoid detection, Genes says. "Prices like these can change quickly as demand and the availability of exploits shifts."
The lowest-priced exploits, such as credit card numbers and Paypal account information, are becoming commodity items because of the widespread success of spam-based phishing campaigns, Genes says. In recent spam statistics, Trend Micro has found some ISPs, particularly in Europe, that are handling more than 1 billion spam messages per day.
"It's really a little bit scary," Genes says.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
More Insights
Webinars
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
