
Exploring the cybercrime underground: Darknet markets - where cyber criminals trade

17 Feb 17

This latest report in our cybercrime series provides a glimpse of the darknet markets where cyber criminals buy and sell data that has likely been stolen either directly, by compromising victim computer systems, or as the result of a large database compromise.

This blog focuses on explaining what darknet markets are, the common payment model used, the types of digital data being bought and sold in the darknet markets, and their typical costs. The objective of this blog is not to provide an exhaustive list of all the products and services being sold in the darknet markets, but to shed light on how cyber criminals are utilising the darknet markets to trade with impunity.

It is important to understand the impact on the growing number of cybercrime campaigns, and how cyber criminals monetise stolen data because of the demand for specific PII data in the darknet markets.

Many articles and research published by the information security industry discuss how cyber attacks can be broken down into phases, an approach widely known as the cyber kill-chain model. Darknet markets also play two important roles in the overall attack kill-chain.

First, these markets allow cyber criminals to purchase tools which are then utilised in specific stages of the kill-chain. For example, malware creation and exploit tools sold in the darknet markets aid cyber criminals during the 'weaponisation' and 'exploitation' phases of the kill-chain model respectively. The last phase of the kill-chain model, 'Actions on Objectives', specifies the objective or goal of an adversary.

Second, darknet markets allow cyber criminals to achieve their goal of making monetary profit by selling data which has likely been stolen from victim computer systems. It is also worth noting that not all digital data being sold in the darknet markets is obtained as the result of successful cyber attacks.

Data stolen by insiders can end up in a darknet market as well. Insiders with knowledge of sensitive information can aid in creating fake identification products which look authentic. For example, a former Australian police officer was arrested in November 2016 for creating and selling fake police IDs, security passes and maritime passes in a darknet market.

Darknet markets have grown in number, as has the number of their users. One of the primary reasons is the anonymity that darknets give users to perform their illicit and illegal trades. Another is the decentralised architecture of the Tor network, which makes it increasingly difficult for law enforcement to take action against darknet markets.

What are darknet markets?

Darknet markets are websites which are hosted on the deep-web and are typically accessed using the Tor network. The products and services bought and sold in the darknet markets range from stolen credit cards, personal information and ID scans, personal credit reports, operating accounts of online payment systems, email accounts with stolen credentials, counterfeit items, and malware and exploit kits, to drugs and weapons, among other illegal products.

Conclusion

Organisations should follow industry standards on securing data and implement security technologies to prevent cyber attacks and reduce the risk of data being stolen and traded in the darknet markets. Palo Alto Networks Next-Generation security platform provides a holistic solution to protect the digital way of life by safely enabling applications and preventing known and unknown threats across the network, cloud and endpoints.
