Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments and individuals, according to a new RAND Corporation study.
One dramatic example is the December 2013 breach of retail giant Target, in which data from approximately 40 million credit cards and 70 million user accounts was hijacked. Within days, that data appeared — available for purchase — on black market websites.
“Hacking used to be an activity that was mainly carried out by individuals working alone, but over the last 15 years the world of hacking has become more organized and reliable,” said Lillian Ablon, lead author of the study and an information systems analyst at RAND, a nonprofit research organization. “In certain respects, cybercrime can be more lucrative and easier to carry out than the illegal drug trade.”
The growth in cybercrime has been assisted by sophisticated and specialized markets that freely deal in the tools and the spoils of cybercrime. These include items such as exploit kits (software tools that can help create, distribute, and manage attacks on systems), botnets (a group of compromised computers remotely controlled by a central authority that can be used to send spam or flood websites), as-a-service models (hacking for hire) and the fruits of cybercrime, including stolen credit card numbers and compromised hosts.
In the wake of several highly-publicized arrests and an increase in the ability of law enforcement to take down some markets, access to many of these black markets has become more restricted, with cybercriminals vetting potential partners before offering access to the upper levels. That said, once in, there is very low barrier to entry to participate and profit, according to the report.
RAND researchers conducted more than two dozen interviews with cybersecurity and related experts, including academics, security researchers, news reporters, security vendors and law enforcement officials. The study outlines the characteristics of the cybercrime black markets, with additional consideration given to botnets and their role in the black market, and “zero-day” vulnerabilities (software bugs that are unknown to vendors and without a software patch). Researchers also examine various projections and predictions for how the black market may evolve.
What makes these black markets notable is their resilience and sophistication, Ablon said. Even as consumers and businesses have fortified their activities in reaction to security threats, cybercriminals have adapted. An increase in law enforcement arrests has resulted in hackers going after bigger targets. More and more crimes have a digital component.
The RAND study says there will be more activity in “darknets,” more checking and vetting of participants, more use of crypto-currencies such as Bitcoin, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions. Helped by such markets, the ability to attack will likely outpace the ability to defend.
Hyper-connectivity will create more points of presence for attack and exploitation so that crime increasingly will have a networked or cyber component, creating a wider range of opportunities for black markets. Exploitations of social networks and mobile devices will continue to grow. There will be more hacking-for-hire, as-a-service offerings and cybercrime brokers.
The Latest on: Hackers
[google_news title=”” keyword=”Hackers” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Hackers
- Cerebral Valley Hackers Build $20 Open Source Smart Glasseson May 15, 2024 at 10:50 am
A five-person team at a San Francisco hackathon created an open source approach to Meta's AI-powered Ray-Bans.
- About 900K patients are victims in Mississippi hospital data breach. What did hackers take?on May 15, 2024 at 9:25 am
According to Comparitech, a publication reporting cybersecurity news, Singing River “more than tripled the victim count from an August 2023 data breach. The Mississippi healthcare provider has sent ...
- Hackers target website of Christie’s auction house in UKon May 15, 2024 at 6:35 am
UK-based auction house Christie’s faced a cyberattack Thursday, prompting it to take down its website and reschedule one live auction, reports The Record, a news site by cybersecurity firm Recorded ...
- Helpful tips to protect your passwords from hackerson May 15, 2024 at 5:38 am
Most of us realize that passwords are important to protect our many online accounts, yet so many people take the easy way out by using common, simple passwords that anyone ...
- Dan Haar: Hackers stole a disabled CT couple's SNAP food aid. Now they're out $1,373on May 15, 2024 at 2:00 am
Angela Daniel, a New Britain grandmother, had her federal food aid benefits hacked five times and is fighting a limit on reimbursements.
- Why are food delivery accounts extremely attractive to hackers?on May 14, 2024 at 2:41 pm
Hackers are hungry to get into food delivery accounts. New data from Sift found that 20 percent of food delivery accounts have been targeted by hacking attempts. That’s compared to an average of 2.5 ...
- Hackers really, really like trying to take over your food delivery appson May 14, 2024 at 10:05 am
One-fifth of food delivery accounts from services like DoorDash and Uber Eats have been targeted by hackers, Sift said — more than other industries.
- RSAC: 4 Things We Learned About AI, Hackers, and Securing Our Dataon May 14, 2024 at 7:34 am
Luminaries of the security industry converged on San Francisco for the RSA Conference this month to exchange ideas and examine the latest security technology. Surprise: AI had a starring role.
- Hackers hit another New Jersey school districton May 14, 2024 at 5:47 am
Major cyberattack targets Union Township School District, NJ. Superintendent Benaquista assessing damage as schools nationwide face rising ransomware threats.
- Russia directing hackers to attack UK and west, says director of GCHQon May 14, 2024 at 5:12 am
Anne Keast-Butler ‘increasingly concerned’ by growing links between Russia and proxy hacker groups that pose risk to UK ...
via Bing News