A Banking Trojan License Available for $3,000–$5,000: Recorded Future Research Reveals
On Nov 2, Andrei Barysevich, Director of Advanced Collection at Recorded Future - an organization delivering contextualized threat intelligence in real time, wrote an interesing blog titled: "Dissecting the Cosst of Cybercriminal Operations."
It's both interesting and scary how every cybercrime activity can be sold and bought so openly. The Executive Summary of the blog is below and to read the entire blog, click on the link provided in the end of the blog:
Everything has its price on dark web, and almost anything can be sold or bought openly. Although sometimes it seems that to succeed in cybercrime, a person must be a Jack of all trades, in reality almost every criminal endeavor requires various tools and services provided by a network other members.
The cybercriminal underground is quite verticalized, with threat actors specializing in particular areas of expertise. It is this distribution of expertise that contributes to the underground market’s resiliency. Similar to drug cartels, once you remove one threat actor or forum, rivals will immediately take its place. As a result, to kickstart a campaign and move beyond a concept to the final execution and substantial profit, a puzzle game has to be completed first.
Some interesting and startling facts for your consideration are:
- A banking trojan license is one of the most expensive elements of a cybercriminal campaign and can be obtained from professional malware developers for $3,000–$5,000.
- Then to intercept banking credentials, web-injects for each target financial institution have to be acquired separately and can cost anywhere between $150–$1,000 per set. In the past year, we’ve seen a significant increase in the cost of web-injects targeting Canadian institutions, offered at the upper-level of the price spectrum, while the cost of malware targeting U.S.-based banks has remained the same.
- To maintain consistent visibility into the entire operation and to control an infected network of computers, bulletproof hosting in one of the unfriendly jurisdictions in China, the Middle East, or Eastern Europe is required. Monthly rental of a web-server in a datacenter favorable to criminal activity will usually cost $150–$200.
- To ensure the consistent payload delivery, and to remain undetected by antivirus products, the executable file must be “cleaned” and obfuscated daily and in the case of a very large-scale operation, several times a day. Such services are available for $20–$50 per single payload obfuscation; however, lower prices can be negotiated for large-volume orders.
- Steady web traffic redirected to the infected resource or email spam campaign are two primary delivery vehicles of malicious payloads. While it’s going to cost $15–$50 to get a thousand unsuspecting people to visit the infected web page, professional spam operators will charge $400 per million of successfully delivered emails.
- Once the malware is successfully planted and banking credentials intercepted, the perpetrator has to work with a chain of mule handlers and money-laundering intermediaries to receive a final pay-off. A money launderer with a stellar reputation and is capable of quick turnaround, will charge a hefty 50-60 percent commission from each payment transferred from a victim’s account. In some cases, an additional 5-10 percent commission might be required to launder the funds and deliver it to the main operator via preferred payment method, such as bitcoin, Web Money, or the Western Union.
To read the full blog CLICK HERE