adimas - Fotolia
The analysis, by researchers at Positive Technologies, included 25 sites on the dark web in Russian and English, with a total registered user base of about three million people.
The researchers examined whether the advertised tools and services would be enough for a real attack and how much technical knowledge was required by prospective clients.
They found that cyber criminals no longer require deep technical knowledge and that any type of attack is now feasible given sufficient funding.
The researchers also examined the costs of cyber crime services across the dark web and found that compromising a site and obtaining full control over a web application costs as little as $150, for example.
However, a targeted attack on an organisation, depending on difficulty, can cost more than $4,500, while the most expensive malware was for targeting banks’ automatic teller machines through ATM logic attacks, with prices starting at $1,500.
The leading type of malware available was cryptocurrency miners (20% of the total), followed by hacking utilities (19%), botnet malware (14%), remote access Trojans (RATs) (12%), and ransomware (12%).
The majority of malware demand (55%) was for creation and distribution, the researchers found.
While current demand for malware creation exceeds the supply by three times, the demand for malware distribution is twice the supply, the researchers found.
This mismatch of supply and demand has led to interest among criminals in new tools, which are becoming more readily available in the form of partner programs that include “malware as a service” and malware distribution-for-hire, the research showed.
Most of the hacker-for-hire requests from would-be buyers involve finding site vulnerabilities (36%) and obtaining email passwords (32%), while the most commonly offered services are hacking social network accounts (33%) and email (33%).
Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said: “This research shows a burgeoning and evolving dark web market for cyber crime.
“As a consequence, approaches to cyber incident investigations have to adapt accordingly. It is important to take these findings into account when analysing the techniques and tactics used for any particular incident.”
To have a deep understanding of attacker toolkits, defenders have to study the trends and tools found on the dark web before they show up on client systems, said Galloway.
“Perhaps dark web intelligence will even enable preventive action, as increasing purchases of certain types of illegal software or services can indicate pending attacks,” she said.
However, the researchers said the trend of multiple threat actors using the same malware is likely to complicate attribution of future attacks.