
Malware targeting cash machines fetches top dollar on dark web

Demand massively outstrips supply, researchers find

The market for cyber criminal services on the dark web continues to thrive – demand for malware is running at around three times the supply.

Positive Technologies experts analysed over 10,000 hack-for-hire and malware-related postings on dark web markets. The researchers examined the costs of cybercrime services and found that compromising a site and obtaining full control over a web application may cost a mere $150. The most expensive ready-to-use "package" was malware targeting ATMs, with prices starting at $1,500.


The trend of multiple threat actors using the same malware is likely to complicate attribution of future attacks. The analysis included 25 dark web sites, in Russian and English, with a total registered user base of approximately three million. The researchers looked at the completeness of dark web offerings and whether the advertised tools and services would be enough for a real attack. In general the barrier to entry for would-be cybercrooks is falling. Miscreants do not require deep technical knowledge and any type of attack is now feasible given sufficient funding.

A targeted attack on an organisation, depending on difficulty, can cost more than $4,500.

The leading type of malware available was crypto-miners (20 per cent), followed by hacking utilities (19 per cent), botnet malware (14 per cent), Remote Access Trojans (12 per cent), and ransomware (12 per cent). The majority of malware demand (55 per cent) was for creation and distribution.

Researchers found that demand for malware creation outstrips supply by a factor of three, while demand for distribution is twice the supply. This mismatch has led to interest among criminals in new tools, which are becoming more readily available in the form of partner programmes that include "malware-as-a-service" and distribution-for-hire.

Most hack-for-hire requests involve finding site vulnerabilities (36 per cent) and obtaining email passwords (32 per cent). From sellers, the most commonly offered services are hacking social network accounts (33 per cent) and email (33 per cent). From a technical standpoint, hacks that allow miscreants to read the electronic correspondence of their targets are among the easiest for attackers to perform.

Defenders would be well advised to keep abreast of the trends and tools found on the dark web before they show up on client systems, hence the value in this kind of research.


Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said: "It is important to take these findings into account when analysing the techniques and tactics used for any particular incident.

"Perhaps darkweb intelligence will even involve enabling preventive action, as increasing purchases of certain types of illegal software or services can indicate pending attacks."

In related news, security reviews site Top10VPN published a dark web market price index for hacking tools on Thursday.

It found wannabe fraudsters can get their hands on hacking tools on the dark web for little more than the cost of a takeaway coffee. Among the cheapest are phishing pages and other tools designed to exploit customers of brands such as Apple, PayPal, Facebook and Netflix, which typically go for £2 or less each.

The report added that even comprehensive hacking toolkits – giving rookies everything they need to start committing fraud – can be picked up for around £100. ®
