Cyber black markets have reached a very high level of maturity and growth, according to a new global report, sponsored by Juniper Networks and conducted by the RAND Corporation.
The hacker black markets may include organizations employing 70 to 80,000 people, have a global footprint and make hundreds of millions of dollars with their "business."
RAND's report, "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," indicates that these black markets react to market forces such as supply and demand, and continue to evolve.
Criminal services can be purchased to launch elaborate and advanced attacks. Botnets available for $50 can launch a 24-hour Distributed Denial of Service (DDoS) attack.
"The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks," said Nawaf Bitar, senior vice president and general manager, security business, Juniper Networks. "We must address the root cause behind the accelerated maturation of the cyber-crime market - the very economics that drive its success."
Making personal connections
All thieves in the cyber black market use personal connections to get to the top so they can make more money in this business.
These players in the market follow rules that ban them from cheating their fellow businessmen. Those found to scam others are banned or removed from this organised market.
Those who are new or want to learn the game can use the resources on the black markets that teach how to hack. Availability of instructions for exploit kits has helped increase entry into the hacker economy.
Digital cryptocurrencies such as Bitcoin, Pecunix, AlertPay, and PPcoin are used for transactions in the cyber black markets. RAND also found that cybercriminals from China specialize in intellectual property and are typically known for quantity in malware attacks.
"By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive," added Bitar. "By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers. Active defense is a promising and exciting approach for addressing the rapidly evolving threat landscape."