Dark Web Marketplace and Cybercrime Pricing EOY 2020

New Dark Web Pricing Analysis from Flashpoint

As a result of the COVID-19 pandemic and its enormous impact worldwide, demand for malicious and illicit goods, services, and data has reached new peak highs across dark web marketplaces (DWMs). 

Earlier today, we released our annual research deep dive into pricing trends seen on these dark web marketplaces. In this pricing analysis report, we highlight the common purchase prices for a wide gamut of cybercriminal data and service offerings, and further contextualize the pricing information with our own analysis and historical trending.

Download our new research, “Pricing Analysis: Dark Web Marketplaces, 2020”

We also report on what can only be described as the shrewd and technologically impressive innovation in the offerings sold throughout the cybercrime ecosystem. For instance, targeted ransomware and advancements in DDoS-for-hire services are just two enhanced offerings now clearly part of adversary arsenals and offered for sale throughout DWMs. 

Key Research Highlights

Below, we breakdown our key findings and analysis from our research. Download the full report for all of the in-depth DWM pricing information and analysis.

Coverage Breakdown—by Dark Web Data and Service Type

For easy navigation and data consumption, Flashpoint organized this pricing analysis report into the following seven categories:

1. Government-issued IDs, passports, and driver licenses
2. DDoS-for-Hire services
3. Exploit kits: phishing, ransomware, and others
4. RDP server access
5. Payment card data
6. Bank logs and routing information
7. Fullz (i.e., all-in-one packages)

High Turnover and Pricing Volatility on Dark Web Marketplaces

In recent years, there’s been significantly higher turnover in dark web marketplaces. Today it can even seem like the entire cybercrime economy is a neverending carousel of dark web marketplaces that routinely open and close. As popular ones shut down and new ones spin up in their place, it results in major, albeit temporary, spikes and drops in dark web list pricing and service availability. 

The increasingly transient nature of DWMs is also a leading factor explaining the asymmetrical market dynamics of the cybercrime economy and the often wide variations in DWM pricing. It’s also a key reason why all DWM pricing information is uniquely challenging to normalize. On the other hand, its high and growing activity rates are also important indicators of just how strong the cybercrime economy is today—on both supply and demand sides.

Tailored Phishing Kits and Legacy Ransomware Sold in Bulk

Phishing exploit kits sold on DWMs are increasingly packaged with dedicated support to help the buyer customize the design of phishing lookalike webpage. They also often include detailed “how-to” styled instructions to train the buyer to launch successful phishing attacks. Specific exploit kits targeting Office365 vulnerabilities are more highly sought after, frequently priced into low triple figures ($100+). 

Conversely, ransomware exploit kits remain inexpensive in comparison as buyers tend to prefer fully-managed ransomware attack offerings and Ransomware-as-a-Service (RaaS) in particular. Meanwhile, vendors sell bundled legacy ransomware exploit kits for cheap, typically costing about $12 for nine legacy exploits.

Bank Logs, Payment Card, and “Fullz” in High Demand

The cost of sensitive data to execute a range of identity fraud schemes and populate automated cyberattacks is again on the rise. For example, the per-record cost of so-called payment card “dumps”—which is full card information including magnetic strip track 1 and track 2 data—increased by 225% since 2018.

This strong demand for stolen personal data also includes Fullz listings, which package together various combinations of identity and banking data, such as bank logs, routing numbers, payment cards, government-issued IDs, as well as personally identifiable information (PII) such as US social security numbers (SSNs) or date of birth (DoB) records.

Download the Report

We only scratched the surface of our research findings. For all of the in-depth dark web marketplace pricing data and analysis download the report, “Pricing Analysis: Dark Web Marketplaces, 2020.”

See Our Threat Intelligence for Yourself

If this dark web pricing analysis piqued your interest, see our entire threat intelligence database in action and sign up for a demo with Flashpoint today.

In a matter of minutes, we can show you how Flashpoint brings immediate value to your most pressing security initiatives. From SOC analyst productivity to compromised credentials monitoring to CVE prioritization to ransomware response, Flashpoint will take your security program to the next level.