Cyber Black Markets Give Broad Access to Sophisticated Malware Tools

The tools and services needed to compromise networks and steal data have become a major market, and an increasingly sophisticated one, two studies find.

Online black markets for cyber-crime tools and stolen data have become more sophisticated, allowing even the least technical would-be cyber-criminals to gain access to complex software and sell their illicit gains, according to two reports on the underground economy.

In a report published on March 25, three researchers from RAND, a nonprofit research organization, surveyed the current state of black markets and found that the sale of increasingly sophisticated attack tools will make it harder for defenders to keep up with attackers. In addition, the markets' exodus to the "dark Web," described as anonymized locations on the Internet, will make it harder for law enforcement agencies to take down the cyber-crime sites.

"These markets are empowering cyber-crime and cyber-criminals," Lillian Ablon, lead author of the study and an information systems analyst at RAND, told eWEEK. "It is super easy to find where to buy these exploit kits or credit cards, and these markets are incredibly resilient to takedown by law enforcement."

Law enforcement has successfully shut down several credit-card—or carder—markets as well as the Silk Road marketplace, which—along with drugs—sold stolen credit and debit card numbers, exploit kits, attack tools and fake identification. In many cases, cyber-criminals have just relaunched the sites, or similar sites, and moved them to the dark Web, where the exact locations of the servers on which sites are hosted are hidden by anonymizing proxy servers and networks, such as the Tor network.

With the arrest of the author of the popular Blackhole exploit kit in Russia, the market has opened up to a large variety of other software programs for facilitating the infection and control of computers. Exploit kits such as Whitehole, Eleonore and Cool sell anywhere from hundreds of dollars for the software to $10,000 per month for an exploit service, according to the report.

While the tools are sophisticated, they do not use extremely advanced techniques. Instead, they harness small advancements and obfuscation to bypass security measures, said Charles Renert, vice president of security research for Websense, which will be releasing its own report on online black markets later this week.

"The market has responded to the need of the vast majority of criminals to attack, not with zero-days, but with techniques that are just slightly better than the defenses out there today," he said.

In fact, zero-day attacks, which use previously unknown vulnerabilities to break through defenses, are not necessary in the vast majority of cases, said RAND's Ablon.

Black markets for cyber-crime tools and criminal services follow the same economic laws as other markets, according to the RAND report. While large operations—like the digital fleecing of retail giant Target—garner headlines, they are less of a boon for the market, Ablon said.

"Big attacks, things like Target happen rarely, because when there is an influx of goods, it impacts price, and to keep the prices high, they need scarcity," she said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...