Terbium Labs Report Analyzes the Latest Offerings
“Fraud guides” designed to assist cybercriminals in carrying out schemes that leverage stolen financial or personal data are the most common offerings on three prominent dark net marketplaces, according to security firm Terbium Labs.
When Terbium Labs analysts examined three dark net forums that offer stolen financial and personal data, as well as other cybercriminal services, for sale, they found that that these “how-to” fraud guides accounted for about 49 percent of all listings.
The forums examined were Canadian HeadQuarters, Empire Market and White House Market, according to Terbium Lab’s the new research report.
‘How To’ Guides
Fraud guides are written for specific purposes, such as how to use stolen credentials to open up a phony account at a bank or another financial institution. Others are dedicated to data theft, system takeover, account compromise, phishing attacks and business email compromise schemes, according to the report.
The average costs of these guides is $3.88, with a bundle of guides selling for about $12.
Cybercriminals buying up stolen credentials or payment card information might also purchase a how-to guide to put that stolen data to work, says Tyler Carbone, chief strategy officer at Terbium Labs.
“If, for example, you have access to a set of bank drop credential data, you might buy up some guides that discuss how to safely monetize that data,” he says. “In a similar vein, sometimes the sellers of such data will offer accompanying guides for free, or at reduced prices.”
New Source of Revenue
One reason why interest in fraud guides is increasing is that as the price of stolen personal and financial data has fallen, cybercriminals are looking for new ways to monetize this information.
“We’ve seen the volume increasing,” Carbone says. “This is partially due to the falling price of stolen data – as criminals look to make money in other ways – and partially due to increased customer demand, as more criminals are shopping for guides to help them better monetize their efforts.”
Carbone suggests that companies study these fraud guides to help them identify and then fix vulnerabilities and flaws that attackers are likely to exploit.
“For any valuable guides that contain valid exploits, the best defense is to understand the contents as quickly as possible, and close any vulnerabilities before additional criminals can purchase those guides and exploit them,” Carbone says.
Other Stolen Data for Sale
In addition to fraud guides, the Terbium Labs researchers found a wide range of stolen personal and financial data available for sale on the three dark net forums.
Stolen data for sales on the Canadian HeadQuarters dark net site (Source: Terbium Lab)
Personal data, which can include name, address and Social Security number, accounted for about 15 percent of the listings on these three dark market sites, according to the report. Nonfinancial accounts and credentials represented about 12 percent of listings, while financial accounts and credentials accounted for about 8 percent of all listings.
The researchers also noted that fraud tools and templates accounted for 8 percent of all listings, while payment card data represented about 7 percent of listings.