Cyber black markets mature

Cyber black markets have reached a very high level of maturity and growth, according to a new global report, sponsored by Juniper Networks and conducted by the RAND Corporation.

The hacker black markets may include organizations employing 70 to 80,000 people, have a global footprint and make hundreds of millions of dollars with their "business."

RAND's report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," indicates that these black markets, react to market forces such as supply and demand, and continue to evolve.

Criminal services can be purchased to launch elaborate and advanced attacks. Botnets available for $50 can launch a 24-hour Distributed Denial of Service (DDoS) attack.

"The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks," said Nawaf Bitar, senior vice president and general manager, security business, Juniper Networks. "We must address the root cause behind the accelerated maturation of the cyber-crime market - the very economics that drive its success."

Making personal connections

All thieves in the cyber black market use personal connections to get to the top so they can make more money in this business.

These players in the market follow rules that ban them from cheating their fellow businessmen. Those found to scam others are banned or removed from this organised market.

Those who are new or want to learn the game can use the resources on the black markets that teach to hack. Availability of instructions for exploit kits has helped increase entry into the hacker economy.

Digital crypto currencies are used for transactions in the cyber black markets such as Bitcoin, Pecunix, AlertPay, and PPcoin. RAND also found that cybercriminals from China specialize in intellectual property and are typically known for quantity in malware attacks.

"By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive," added Bitar. "By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers. Active defense is a promising and exciting approach for addressing the rapidly evolving threat landscape."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags securityRAND Corporation

More about Juniper NetworksJuniper Networks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anuradha Shukla

Latest Videos

More videos

Blog Posts