THE DARK WEB – you hear the term said in a deep, ominous voice in commercials aimed at the average consumer. On this unmonitored, anonymous Internet, you can buy almost anything, including all things illegal or in an ethical gray area. Among the things you can purchase are DDoS attacks for the low, low price of $10 USD per hour.
We’ve talked numerous times about Ransomware as a Service (RaaS), for example NemeS1S, Satan, and Datakeeper, which allows malicious attackers with no technical skills at all to extort funds from unsuspecting victims. The availability and affordability of these DDoS attacks are yet another example of how easy it really is to run automated, successful attacks.
A new report released today by cloud security and compliance solutions firm Armor points to a slight increase in cost since the Dell SecureWorks INTEL Team report from years prior.
It shouldn’t be a surprise to discover that credit card data is the most widely available “nefarious” cybersecurity information found on the Dark Web (cue Gingivitis Voiceover). You can also buy bank account data for various fees, depending on the available funds in said accounts.
What other goodies are freely available on the Dark Web? Forged passports, fake IDs, and other fraudulent government-issued documents, the kind you’d expect to find in large quantities in a super spy’s 60s-era briefcase.
None of this is new, of course, but Armor’s report does a great job of providing details and illustrating the breadth of the problem. There is another side to this story which takes things even further: a large portion of the sites selling nefarious goods to electronic ne’er-do-wells are fraudulent/scam sites. It seems even criminals buying illegal/malicious data and attacks can get scammed. It’s not uncommon for clones/replica sites to pop up claiming to sell drugs, personal data, murder-for-hire, etc. only to steal funds or credentials from the would-be buyer.
Even that reality is old news in today’s ‘Dark Web’ landscape. In order to fight against DDoS attacks and banking fraud, get your basic cybersecurity measures in place:
- Use a password manager to generate and store strong passwords
- Generate unique passwords for each login
- Place secure passwords or locks on all of your devices
- Use soft-token two-factor authentication (2FA) applications such as Google Authenticator, Authy, or Duo instead of SMS-based 2FA solutions
For your banking transactions, make sure that you:
- Embrace 2FA where available
- Never conduct banking transactions on non-secure networks (open Wi-Fi) or in untrusted locations (e.g. airports, coffee shops, Airbnb/hotel networks, etc.)