Positive Technologies experts analyzed ten of the most active forums on the darknet, where services for hacking sites, buying and selling databases and access to web resources are presented. In total, more than 8,000 users are registered on these forums, more than 7,000,000 topics have been created, in which more than 80,000,000 messages have been published.
It turned out that in 90% of cases on the forums devoted to hacking sites, they are looking for an executor-hacker who can provide the customer with access to the resource or unload the user base. In 7% of entries, there are offers of services for cracking sites. The rest of the messages are aimed at promoting services and programs for hacking sites and finding like-minded people in hacking.
Service offers are advertisements posted by service owners and hacker groups. They cannot act as indicators of supply and demand, as they are often placed once. The amount of demand for the above services can be roughly judged only by individual requests from users who, for various reasons, did not use the information about the services offered.“Starting in March 2020, we have seen a growing interest in the topic of website hacking,” says Yana Yurakova, an analyst at Positive Technologies. – This is evidenced by the growth in the number of announcements on forums in the dark web. This trend could be caused by an increase in the number of companies represented on the Internet, which was provoked by the coronavirus pandemic. Organizations that previously worked in offline sites were forced to switch to the online format in order not to lose customers and profits, and cybercriminals could not help but take advantage of this situation. “
According to the study, in 69% of cases of hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information, but also sell access to a web application to so-called buyers. In second place (21% of ads) in terms of popularity are requests aimed at obtaining databases of users or clients of the attacked resource: competitors and spammers are primarily interested in acquiring such information, who collect address lists for targeted thematic mailing targeted at a specific audience. According to the analysis, custom databases can cost up to $ 20,000.
Also, hack forums are sometimes looking for performers who can place malware on a web resource (4% of ads) and hack the site in order to remove certain data on it (3% of ads).
Among the sold and bought accesses, the sites of online stores are in high demand, the prices for access to which vary in the range from 50 to 2000 US dollars. According to experts, this is due to the fact that when paying for goods, the user enters his bank card details. Thus, it is enough for a hacker to inject malicious JavaScript on the site, which will intercept the information entered by the buyer and use the information received for personal gain. Another way to cash in on users is to get privileged access to the online store in order to place orders using the data of someone else’s bank cards or without paying for them at all.