How Prices are Set on the Dark Web: Exploring the Economics of Cybercrime
2024-11-25 22:0:0 Author: www.trustwave.com


Finding the exact price of any product is now easier than ever. A quick check with your favorite online retailer will show that a GE Profile Dryer goes for $989, a 10-pack of Play-Doh can be had for $7.99, and a loaf of Pepperidge Farm Farmhouse Hearty White Sliced Bread is $3.59.

Unfortunately, a glance at certain less legitimate online sites on the Dark Web is just as easy. It will show that buying someone’s personally identifiable information (PII) starts at $5, and all the data needed to access a stolen bank account can be had for as low as $200.

Trustwave SpiderLabs researchers regularly track activity in these markets. The team's just-released report, Retail Sector Deep Dive: Fraud Targeting Retailers, a supplement to the broader 2024 Trustwave Risk Radar Report: Retail Sector, breaks down the price of various types of stolen information.

Prices of information on the Dark Web are shaped by multiple factors ranging from database security to the specific vulnerabilities in stolen data. The rarity, freshness (how recently the data was stolen), validity (whether credentials are still functional), and quality (level of access or potential for misuse) all play significant roles in determining the value of illicit goods.

In 2024, Dark Web pricing for stolen data reflects factors such as demand, data rarity, and the risk level associated with specific database security vulnerabilities.

Here’s an overview of key categories.

Gift Cards

Value: $20–$1,000+

On Dark Web forums, gift cards from popular retailers like Amazon and Walmart are often sold at a percentage of their face value. Factors like balance, vendor popularity, and ease of cash-out contribute to the pricing strategy. These cards are highly sought after for their anonymity and ease of use in laundering money, making them a staple commodity in the Dark Web trade.

Fullz (Complete Identity Sets)

Fullz, consisting of complete PII sets, are highly valued on the Dark Web as they more easily enable identity theft and fraudulent activities. Criminals can use Fullz to open bank accounts, apply for loans, or conduct other forms of financial fraud. Medical records, in particular, are even more sought after since they contain PII and sensitive health data, making them useful for insurance fraud. The detailed nature of medical records allows for more complex fraudulent schemes, increasing their price and demand.

  • Basic PII (Name, Address, Email): $5–$15
  • Full Identity Profiles (Fullz) with SSN and DOB: $20–$100+
  • Medical Records: Up to $500+

Credit Card (CC) Numbers

Credit card prices vary significantly based on geographical location, fraud detection systems, and the security of banking databases. Here’s a breakdown by country:

  • US Cards: Average $10–$40. With a large supply and fewer barriers, US credit cards are often cheaper.
  • UK Cards: $10–$60, driven higher by a smaller supply and higher fraud detection rates.
  • Australia: $15–$50, reflecting lower availability and higher demand.
  • Germany: $10–$50, among the most expensive due to strict EU data protection laws.

The card’s credit limit, inclusion of the CVV, billing information, and source reliability all impact prices. Regions with stringent fraud detection and advanced cybersecurity measures, such as Germany and the UK, see higher prices due to the increased difficulty of exploiting stolen cards. In contrast, US cards, while more accessible and cheaper, are still valuable due to the ease of fraud.

Bank Account Access

Criminals highly value access to bank accounts because it offers a direct financial benefit: direct access to a person's money. The price of an account depends on several factors, including the account balance, the bank’s location, and whether the account includes additional information, such as security questions or transaction history.

Accounts with higher balances are more expensive, as they provide a greater potential payoff for attackers. Banks that are preferred targets often have weaker security measures or systems allowing quick transfers. US banks and international institutions with lenient fraud detection systems are particularly popular. Additionally, attackers favor accounts from banks that have high transaction or withdrawal limits.

  • Low-balance accounts: $200–$500
  • High-balance accounts: $1,000 or more
  • Bitcoin/crypto wallets: $100–$1,000+, depending on the balance

The Dark Web operates as a shadow marketplace, with prices for stolen data influenced by the interplay of database security vulnerabilities, demand, and risk. From gift cards to full identity profiles and bank account access, each category reflects the nuanced economics of cybercrime. Understanding these dynamics is crucial for organizations to stay ahead of attackers, mitigate risks, and fortify their defenses against an ever-changing threat landscape.

As we have seen, Dark Web pricing reflects a combination of database security weaknesses, demand for specific data types, and the effectiveness of fraud detection systems worldwide. As cybersecurity improves in certain areas, the market adapts, creating variable pricing across regions and data types.


Additional reports can be found on the Trustwave Resources page.


Article source: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/how-prices-are-set-on-the-dark-web-exploring-the-economics-of-cybercrime/