6 Dark Web Pricing Trends
For cybercriminals, the Dark Web grows more profitable every day.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltca95be3b4fd0f33c/64f0d64af6f80e60374faed3/Slide1CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
For cybercriminals, the Dark Web grows more profitable every day. According to Armor, this is especially true for stolen credit card data, where prices have increased anywhere from 33% to 83% from 2015 to 2018 in the United States, Canada, the United Kingdom, and Australia.
Corey Milligan, senior security researcher with Armor's Threat Resistance Unit, says stolen credit card data has great value to cybercriminals because of the number of ways they can use it to commit fraud, for everything from purchasing high-end merchandise for resale to money laundering and funding other illicit activities.
But Brian Stack, vice president of engineering and Dark Web intelligence for Experian, says stolen credit card data is just the start. Cybercriminals, he says, are really after a victim’s full digital footprint.
There’s also a broader universe of stolen data and items available on the Dark Web that security pros need to defend against. That includes a developing dark market for cloned ATM cards, passports, and prescriptions and prescription labels – all of which have increased in importance over the past three years.
Last year's takedowns of AlphaBay and Hansa helped create a major price rise in the fraudulent credit card market on the Dark Web, says Armor's Milligan. Following the takedowns, he explains, criminals had to spend more money on security, infrastructure, and bulletproof hosting, plus their risk increased dramatically due to more intense law enforcement pressure. "When these markets were taken down, the money tied up in these escrow services became unrecoverable," Milligan explains. "A lot of people, buyers and sellers, lost money, and confidence in these markets has taken a hit."
Armor reports that prices increased in the online bank-account credentials market from 2015 to 2018 by around 10% to 20%. According to Milligan, the company saw only a moderate increase because demand is not as great for online bank-account credentials as for credit cards. The chance of success is also less because banks typically have much better security. On top of that, there's much more overhead: More skill is required, plus profit is less because criminals need to hire money mules to complete the transactions or set up their own fraudulent accounts to siphon the funds.
Armor cites a dramatic increase from 2015 to 2018 in the number of vendors offering cloned ATM cards. For example, in 2015 it found only one vendor selling cloned cards from $100 to $250 for accounts with balances ranging from $2,000 to $5,000. But by 2018, it found five vendors selling cloned cards from as low as $100 to $1,000 for accounts with balances ranging from $2,000 to $50,000.
Armor's Milligan says cloned ATM cards have become a popular way for smaller cybercriminals to enter the cybercrime market. The sellers often package these cloned cards as a service offering that includes a how-to guide that explains how to commit the fraud and set up mules; they will even execute part of the service for a fee. Ed Cabrera, chief cybersecurity officer at Trend Micro, says he sees a lot of these cybercrime-as-a-service operations in which the sellers will offer a soup-to-nuts cybercrime campaign and also run the operation in exchange for a part of the take.
Although Armor did not have comparison data for prescription labels and actual prescriptions, it has documented recent cases in which they have been sold over the Dark Web. Often, Armor's Milligan says, the sellers (no matter what they are peddling) will advertise "teaser" offerings on the Dark Web and try to meet the buyers in private chat rooms. In two separate cases, vendors were offering a single fraudulent label from well-known pharmacies for $62.40 and $60, respectively. By and large, they were trying to lure a customer to buy more. This tactic of providing only a bit of data was similar to a prescription Armor found on the Dark Web for codeine, which was advertised for $52 but did not specify a dosage.
Although Armor did not have comparison data for prescription labels and actual prescriptions, it has documented recent cases in which they have been sold over the Dark Web. Often, Armor's Milligan says, the sellers (no matter what they are peddling) will advertise "teaser" offerings on the Dark Web and try to meet the buyers in private chat rooms. In two separate cases, vendors were offering a single fraudulent label from well-known pharmacies for $62.40 and $60, respectively. By and large, they were trying to lure a customer to buy more. This tactic of providing only a bit of data was similar to a prescription Armor found on the Dark Web for codeine, which was advertised for $52 but did not specify a dosage.
For cybercriminals, the Dark Web grows more profitable every day. According to Armor, this is especially true for stolen credit card data, where prices have increased anywhere from 33% to 83% from 2015 to 2018 in the United States, Canada, the United Kingdom, and Australia.
Corey Milligan, senior security researcher with Armor's Threat Resistance Unit, says stolen credit card data has great value to cybercriminals because of the number of ways they can use it to commit fraud, for everything from purchasing high-end merchandise for resale to money laundering and funding other illicit activities.
But Brian Stack, vice president of engineering and Dark Web intelligence for Experian, says stolen credit card data is just the start. Cybercriminals, he says, are really after a victim’s full digital footprint.
There’s also a broader universe of stolen data and items available on the Dark Web that security pros need to defend against. That includes a developing dark market for cloned ATM cards, passports, and prescriptions and prescription labels – all of which have increased in importance over the past three years.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024