[BreachExchange] Hackers charge big bucks for stolen Aussie creds

Inga Goddijn inga at riskbasedsecurity.com
Wed Apr 6 16:31:24 EDT 2016


http://www.itnews.com.au/news/hackers-charge-big-bucks-for-stolen-aussie-creds-417823

Stolen Australian information for credit and debit cards and bank accounts
is growing in value in underground markets, according to a report by
security vendor Dell Secureworks.

Illict trading in digital credentials is thriving in 2016, the annual
'underground
hacker markets report
<https://www.secureworks.com/resources/rp-2016-underground-hacker-marketplace-report>'
has found, to the point where sellers are offering purchaser satisfaction
guarantees.

Credentials for Australian accounts held with ANZ Bank with balances of
US$18,000 (A$23,827), US$22,000 and US$62,567 were on sale for US$2250,
US$3800 and US$4750 respectively.

In comparison, American bank accounts with balances between US$1000 and
US$15,000 can be bought for US$40 to US$500, Secureworks said.

The cost of MasterCard and Visa cards with magnetic strip data went up to
US$25 compared to US$19-US$20 last year, with premium cards costing US$35
each.

Purloined credit and debit cards from European Union countries were the
dearest at US$40 each this year, and Japanese and Asian Visa and
MasterCards almost doubled in price to US$50 - in comparison, United States
cards commanded lower prices, US$7 to US$30 depending on type.

What the security vendor terms as "hacking services" have largely dropped
substantially in price.

Globally, hourly rates for denial of service attacks to disrupt networks
have gone up, costing US$5 to US$10 per hour, or double that of last year,
Secureworks said.

Longer attacks have halved in price, however, with day-long network
flooding going for US$30-US$55, and weekly runs for US$200 to US$555.

The report focused mainly on Russian and on English-speaking marketplaces
between the third quarter of last year, and the first quarter of 2016.

Beyond stolen account and credit card credentials, the underground
marketplaces also trade in identity documents such as social security
cards, driver's licenses and passports.

Counterfeit EU passports cost between US$1200 to US$3000, whereas United
States documents can be priced as much as US$10,000, Secureworks said.
Templates for US passports go for US$100 to US$300, with buyers having to
find their own printers to produce the identity documents.

Traders in stolen digital data appeared to be confident in their ability to
deliver the goods with impunity, with many advertising customer
satisfaction guarantees and payments being held in escrow until both
parties were happy with transactions.

'Try before you buy' attacks on webservers and networks are also available,
along with discounts for regular customers.

Hackers similarly offer to break into email accounts, with account details
for corporate mailboxes going for US$500 - four times as much as for
personal email accounts.

Malware such as remote access trojan horses, crypters and the Angler
Exploit Kit are also being traded in underground forums.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160406/132beb64/attachment-0001.html>


More information about the BreachExchange mailing list