The news today is full of stories about financial damage caused by the dark web, cyber crime and hacker attacks against organisations, or about hundreds of thousands of user accounts being leaked from some website.
Yet there’s never any information about how much it costs to prepare and launch such attacks. But since the point of any work, including cyber crime, is to make a profit, hackers will simply switch to other, more lucrative pursuits if the costs of an attack are comparable or exceed the potential revenue.
In a new report on current cyber threats, Positive Technologies noted an increase in the number of
major cyber incidents: Q1 2018 saw 32% more detections than in Q1 2017.
What’s more, most malware attacks involved the use of programs for data theft and hidden cryptocurrency mining. Meanwhile, information keeps appearing online about the code for various Trojans being made open-source. The availability of ready-made malware is, in the view of the report, the reason behind the significant rise in the number of attacks.
The aim of this study is to investigate the cost of such software and the complexity of acquiring it, as well as analyse the market supply and demand.
Positive Technologies analysed in detail the market for cyber-criminal services and tried to assess whether cyber criminals need a wide range of specialised knowledge, or whether everything can be outsourced to the shadow market: hackers of websites and servers, malware developers and distributors, botnet owners, and other practitioners.
During the analysis, Positive Technologies repeatedly encountered situations where the login credentials for systems and web shells for remote management of large companies’ servers were up for sale.
They immediately passed on the relevant information to the compromised organisations,
warning about the need to take protective measures and carry out an investigation. For the objects of the study, they selected the 25 most popular shadow trading platforms, whose names are not disclosed, with a total number of registered users in excess of 3 million.
There was an analysis of more than 10,000 ads in total – without taking into account obvious scams – which inundate the grey market like any other. Then calculated the minimum and average cost of various tools and services sold on such sites, and estimated the supply–demand ratio and the adequacy of the services provided for conducting a full-scale cyber attack.
Instead of in-house products and services, most modern cyber attacks deploy ones purchased and leased from third parties. This not only lowers the cyber crime entry threshold and simplifies carrying out attacks, but also makes it difficult or impossible to accurately attribute targeted attacks.
The diagram below presents some common types of attacks, as well as their minimum cost in US dollars, assuming that the attack masterminds purchase all necessary means and tools with money. For example, the cost of a targeted attack against an organization, depending on its complexity, can start from $4,500, including hiring an expert hacker, leasing infrastructure, and purchasing the relevant tools.
Hacking a site and gaining full control over a web application costs only $150, yet we found ads for
the targeted hacking of sites with prices climbing to $1,000.
The study showed that cryptominers, hacking utilities, botnet malware, RATs, and ransomware Trojans are widely available in the shadow cyber services market, while the highest demand is typically for malware development and distribution. The market offers more than 50 different categories of goods and services, which together can be used to organise any attack.