How-to hacking tutorials and ‘100% guarantees’ on stolen data are just two of the ways cyber-criminals are hoping to differentiate their service in an increasingly competitive underground marketplace, according to Dell SecureWorks.
The managed security services firm revisited the hacker underground markets a year after its previous report to see if anything had changed, and discovered an even greater variety of goods and services being traded online.
Hacker training tutorials start at just $1 and cover topics such as ‘Basic Carding’, ‘How to do ATM Hacks and Get Much More Money than you Withdraw’ and ‘How to Have 100% Successful Bank Transfers.’
Other lessons cover different types of malware and exploit kits and explain how much they should cost, the report claims.
Another sign of the increasing professionalism of the cyber-criminal underworld is the attention some are now paying to customer service.
One hacker highlighted by the report offers a ‘100% valid rate’ on stolen premium cards (with high credit limits) and promises that “all dead ones will be replaced.”
The report continued:
“The same seller offered “Credit Card Guarantees”, which guarantees that if a credit card doesn’t pass for a $200 charge, the seller will do a check using Try2Check (a popular underground credit card verifying application), and should the card fail on a $200 charge, the card will be replaced. He also guarantees that all the credit cards he sells are premium cards, and if you get anything lower than a Platinum Card (like a Classic/Standard) then those cards will be replaced.”
As competition heats up on the criminal underground forums, prices have dropped.
Remote Access Trojans (RATs) are now selling at $20-$50, whereas last year they ranged from $50-$250, the report claimed.
However, the price of renting bots has increased, although this comes with increased specificity over where they are geographically located.
A 1000-machine botnet in the US will cost $140-$190, whereas in the UK it will be priced at $100-$120, and in Asia cheaper still at $4-$12.
The report authors suggested that this may be because some financial sites like Coinbase require a US IP address to access.