Stolen Data Prices on Dark Web Slug Due to Changing Data Breach Trends
- It now costs less than $10 for full credit details on a consumer and $50 for access to a US bank account.
- Over 78 percent of the illicit trade of stolen cards can be attributed to only a dozen of Dark Web markets.
A research report by Flashpoint suggests that the rise in data breaches over the years has adversely affected the market for stolen financial information and hacker tools on the Dark Web.
Reason: Rise in data breach events
More than 3800 data breaches (~20/day) potentially exposed more than 4.1 billion records in the first half of 2019. Most of the breaches were powered by tools and information available on the Dark Web for sale.
Take yesterday’s incident for example. BriansClub—one of the web’s largest marketplace for trading stolen credit card data, was hacked only to reveal over 26 million credit and debit card records. The surprising fact is about 7.6 million records were uploaded to the marketplace between Jan - Aug 2019 alone. It tells a lot about why data price has gone sluggish in Dark Web.
"With over 78 percent of the illicit trade of stolen cards attributed to only a dozen 'dark web' markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," Andrei Barysevich, co-founder and CEO of Gemini Advisory, told security journalist Brian Krebs, who discovered the breach.
Trends of stolen data pricing
FlashPoint’s annual survey of prices for services on the Dark Web disclosed how the underground market has inundated itself with data with the surge in the number of breaches every year. Below are the pricing observations (slightly high, almost stable) found by the security intelligence company.
Fullz - for complete digital profiles and financial information (slightly high)
- Data on US residents was available at very cheap rates with one record costing between $4 to $10, slightly higher than in 2017.
- Details, such as social security number and date of birth of personnel, needed to carry out new account fraud cost just $5.
Bank account credentials (stable)
- Typically priced depending on the amount of money in the account, the information is sold between $25 to $75, nearly the same as 2017.
- European deals for bank credentials usually cost more in the marketplace.
Exploit kit rentals (stable)
- Rental of exploit kits varied between $80 to $100 per day, about the same as 2017.
DDoS-for-hire services (increased)
- Slightly more expensive DDoS attacks; ones that costed around $27 in 2017, shot up to $100 in 2019.
- While attacking websites, cybercriminals use DDoS attacks to charge more for the greater bandwidth and additional application-layer attacks required.
Additionally, research from Armor last year exposed that the cost of credit card data from 2015 to 2018 saw a significant increment from 33 percent to 83 percent respectively. It varies depending on the country from where the data comes from.
The shifting trends of data breaches, crackdowns on underground sites, and breaches affecting hacker forums point towards a shaky future for illicit trade of stolen data.