Wannabe cybercriminals are no longer relying on dark web marketplaces to buy and sell their hacking tools, it seems.
The selection and prices of malicious software offerings on well-known dark web markets have remained mostly unchanged since 2017, according to findings published Tuesday by the risk intelligence firm Flashpoint.
The mostly stagnant prices on these forums, which are most frequently used to buy and sell narcotics, are the latest proof that, even as cybercriminals continue to harass victims, skilled hackers are moving to more private channels to trade the most valuable techniques, suggested Ian Gray, Flashpoint’s director of analysis and research. The quality of the tools, like commodity malware and distributed denial-of-service rental services, also has remained steady, even as defenses have improved.
“There’s a lack of innovation we’re seeing in the kinds of goods and on the marketplaces,” Gray said. “It might be an indication they’re looking at more trusted cybercrime marketplaces.”
Over the past two years, Flashpoint examined sites including Dream Market, Wall Street Market, Nightmare, and others, most of which are now offline. DDoS attack services ranged in price from $1 to $100, up from the $27 it would have cost wannabe attackers in 2017 (one ad promising to DDoS any site charged $250). Meanwhile, prices for exploit kits, the automated attack technique that first compromises a target site, have stayed “relatively stagnant” at up to $100, $700 or $2,000 for daily, weekly, or monthly rentals, respectively.
Compare the use of these low-level hacking tools, typically used to cheat at online games or harass specific individuals, with emerging techniques, like the Ryuk ransomware or Magecart payment skimmers.
“A lot of the services here are baseline commodity services,” Gray said. “A large number of threat actors might sell them as services, and then the value goes down.”
Flashpoint’s research period coincided with a hectic time for dark web markets. Earlier this year, international law enforcement agencies shut down Wall Street Market and Valhalla. Administrators of Dream Market, which specialized in selling drugs and stolen personal information, announced in March they would shut down that site, among other activities.
Those incidents, and prior shutdowns like them, mostly affected the online drug market, as CyberScoop reported at the time. Other hacker-specific sites, like Exploit.in, continued to persist, requiring new users to demonstrate their ability to participate in criminal activity or earn an invitation to join.
Now that trend away from open dark web forums is poised to continue, Gray predicted, even if it means forum reviews will help buyers determine if they can trust sellers.
“One way is moving to encrypted chat applications,” he said. “You have a similar messaging experience but you don’t have the trust, or a way to check the credibility…I’ve seen some examples of that, but people haven’t gone there wholesale.”