Criminal black markets are complex and mirror free markets in their unprecedented levels of maturity and growth.
According to a report by RAND and Juniper, the black markets have significant levels of economic sophistication, reliability, accessibility and resilience in the products, distribution channels and actors involved.
The report claimed that the black markets are growing in size and complexity and the hacker market has emerged as a playground of financially driven, highly organised and sophisticated groups. “Understanding this market in its entirety is complicated by the fact that it is geographically spread out, diverse, segmented, and usually hidden under the cloak of darknets, anonymisation and cryptographic features,” the report said.
“What can be surmised from interviews with expert observers is that the hacker market poses a formidable challenge and an increasing threat to businesses, governments, and individuals operating in the digital world.”
It said that there has been a steady increase in the availability of goods and services offered, from stolen records and exploit kits to “stolen-to-order” goods, such as intellectual property and zero-day vulnerabilities. Meanwhile, prices for credit cards are falling because the market is flooded with records, and botnets and DDoS capabilities are cheaper because so many more options are available.
The report found botnets, which can be used to launch a Distributed Denial of Service (DDoS) attack, are sold for as low as $50 for a 24-hour attack, while transactions are often conducted in digital currencies.
Also, RAND found many parts of the cyber black market are well structured, policed and have rules like a constitution. In addition, those who scam others are regularly banned or otherwise pushed off the market while “rippers”, who offer services but do not deliver, are common.
RAND found some organisations can reach 70 to 80,000 people, with a global footprint that brings in hundreds of millions of dollars.
Nawaf Bitar, senior vice president and general manager of the security business at Juniper Networks, said: “The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks. We must address the root cause behind the accelerated maturation of the cyber-crime market – the very economics that drive its success.
“By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive. By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers.”
Charles Sweeney, CEO of Bloxx, said: “There can sometimes be the misconception that hackers are amateurs, simply out to ‘have a bit of fun.’ This report smashes that illusion into a million little pieces and brings home the harsh reality by demonstrating just how well organised and connected cyber criminals are.
“They run their enterprises like high-performing businesses, constantly innovating and looking for new exploits. And unlike many of the major economies around the world, theirs is one that is booming. We say this time and time again, but businesses absolutely cannot afford to be complacent because complacency is what fuels this underground online economy.”