The 6 Pricing Trends on Dark Web

This article as sourced from Dark Reading, where the author quotes on how the Dark Web grows more profitable every day for cybercriminals.

According to Armor, this is especially true for stolen credit card data, where prices have increased anywhere from 33% to 83% from 2015 to 2018 in the United States, Canada, the United Kingdom, and Australia.

Corey Milligan, senior security researcher with Armor’s Threat Resistance Unit, says stolen credit card data has great value to cybercriminals because of the number of ways they can use it to commit fraud, for everything from purchasing high-end merchandise for resale to money laundering and funding other illicit activities.

But Brian Stack, vice president of engineering and Dark Web intelligence for Experian, says stolen credit card data is just the start. Cybercriminals, he says, are really after a victim’s full digital footprint.

There’s also a broader universe of stolen data and items available on the Dark Web that security pros need to defend against. That includes a developing dark market for cloned ATM cards, passports, and prescriptions and prescription labels – all of which have increased in importance over the past three years.

1. Credit Cards

Last year’s takedowns of AlphaBay and Hansa helped create a major price rise in the fraudulent credit card market on the Dark Web, says Armor’s Milligan. Following the takedowns, he explains, criminals had to spend more money on security, infrastructure, and bulletproof hosting, plus their risk increased dramatically due to more intense law enforcement pressure. “When these markets were taken down, the money tied up in these escrow services became unrecoverable,” Milligan explains. “A lot of people, buyers and sellers, lost money, and confidence in these markets has taken a hit.”

2. Online Bank-Account Credentials

Armor reports that prices increased in the online bank-account credentials market from 2015 to 2018 by around 10% to 20%. According to Milligan, the company saw only a moderate increase because demand is not as great for online bank-account credentials as for credit cards. The chance of success is also less because banks typically have much better security. On top of that, there’s much more overhead: More skill is required, plus profit is less because criminals need to hire money mules to complete the transactions or set up their own fraudulent accounts to siphon the funds.

3. Full Identities

According to Armor, prices for full identities (Fullz) rose between 10% and 39% for people living in Australia and parts of Europe, including France, Sweden, Spain, Italy, Denmark, and Ireland. Prices in the UK and Canada stayed the same between 2015 and 2018, while prices in the US decreased 23% between 2015 and 2018.

Armor’s Milligan says the dramatic price decline in the US was due to an overwhelming supply of personally identifiable information following several high-profile breaches. These include last year’s Equifax breach, as well the breach of the US Office of Personnel Management in 2015.

In a related trend, Brian Stack, vice president of engineering and Dark Web intelligence at Experian, cites great demand on the Dark Web for medical data. Hospitals and medical facilities have lax security compared with the financial sector, he says, and by stealing data from medical operations, criminals can get people’s Social Security numbers, names, addresses, phone numbers, and all their sensitive medical information.

4. Cloned ATM Cards

Armor cites a dramatic increase from 2015 to 2018 in the number of vendors offering cloned ATM cards. For example, in 2015 it found only one vendor selling cloned cards from $100 to $250 for accounts with balances ranging from $2,000 to $5,000. But by 2018, it found five vendors selling cloned cards from as low as $100 to $1,000 for accounts with balances ranging from $2,000 to $50,000.

Armor’s Milligan says cloned ATM cards have become a popular way for smaller cybercriminals to enter the cybercrime market. The sellers often package these cloned cards as a service offering that includes a how-to guide that explains how to commit the fraud and set up mules; they will even execute part of the service for a fee. Ed Cabrera, chief cybersecurity officer at Trend Micro, says he sees a lot of these cybercrime-as-a-service operations in which the sellers will offer a soup-to-nuts cybercrime campaign and also run the operation in exchange for a part of the take.

5. Passports

The market for passports has increased substantially from 2015 to 2018. Three years ago, Armor’s Milligan says, there weren’t as many vendors, and most of the activity was for scans that typically cost $50. But with increased interest in immigration to Canada and the US, and sizable refugee populations moving from places such as Syria and Africa to Europe, a great deal of additional activity is happening.

For example, sellers are offering complete packages: One seller offers a U.S. green card, passport visa, driver’s license, and insurance card for $2,000. Another vendor offers an Ontario driver’s license and Canadian passport for $1,000. Still another offers diplomatic passports from multiple countries for $2,000. Experian’s Stack adds that it’s inexpensive to obtain passport templates, and they can be reused many times.

6. Fraudulent Prescriptions and Labels

Although Armor did not have comparison data for prescription labels and actual prescriptions, it has documented recent cases in which they have been sold over the Dark Web. Often, Armor’s Milligan says, the sellers (no matter what they are peddling) will advertise “teaser” offerings on the Dark Web and try to meet the buyers in private chat rooms. In two separate cases, vendors were offering a single fraudulent label from well-known pharmacies for $62.40 and $60, respectively. By and large, they were trying to lure a customer to buy more. This tactic of providing only a bit of data was similar to a prescription Armor found on the Dark Web for codeine, which was advertised for $52 but did not specify a dosage.