What's the price of a stolen credit card number? How much does it cost to buy actual bank credentials and transform them into physical credit cards? Does it really matter from whom you're buying all the stolen data, and what really drives the underground's black market for stolen goods? Let's find out.
A newly released report by PandaSecurity, entitled "The Cyber-Crime Black Market: Uncovered", details in depth the dynamic interactions among the market's multiple participants, and attributes the successful growth model to the rise of undetected trojan horses and crimeware used to steal financial data from infected users.
Highlights from the study:
The most common positions within a cybercrime enterprise:
Programmers, Tech experts, Hackers, Fraudsters, Hosted systems providers, Cashiers, Money mules, Tellers, Organization Leaders.
The 8-stage purchasing process:
The product, The contact, Try & Buy, Online testing, Minimum orders and bulk discounts, Specialized online stores, Methods of payment, Customer services and support.
From customer support to discounts for bulk orders of credit card numbers, the cybercrime ecosystem continues to rely on basic economic principles, whether or not its participants realize or admit it. Take, for instance, risk-forwarding.
Risk-forwarding within the cybercrime ecosystem involves not only the bulk sale of unverified, stolen financial data to unverified and low-profile resellers but, most importantly, the use of money mules. The process requires that average Internet users fall victim to quick-cash earning schemes, in which a bogus company tricks them into signing an agreement to receive and forward fraudulently obtained funds.
No study can give a definite answer even on the average price for a particular underground good or service, given how vibrant the cybercrime ecosystem is. This is best described in terms of price volatility when multiple vendors sell the same item. Whereas for the experienced seller the item is now a commodity commanding a lower and more static price, new market entrants looking for ways to undercut the experienced sellers will offer a discount, and even bonuses in the form of access to alternative services if the purchase takes place.
- Microsoft study debunks phishing profitability
- Microsoft study debunks profitability of the underground economy
- Study finds the average price for renting a botnet
- The current state of the crimeware threat - Q&A
What do you think? Do you believe that, with so many cybercriminals interested in committing cybercrime, the internal competition denies them the ability to better monetize infected hosts? Is crimeware responsible for more leakage of financial data than massive data breaches?