Cyber criminals are selling everything from personal identities to stolen financial data, according to a new report from Intel Security, with UK banking credentials are sold for as little as $20 (£12) on the dark web.
The Hidden Data Economy report (PDF) analysed the popularity of cybercrime-as-a-service and how criminals exploit the anonymity provided by Tor to spread products and services.
The team at Intel Security examined how the underground marketplaces are structured by analysing the price and availability of stolen credit and debit card details, banking credentials, personal identity information and even media subscription log-ins.
The theft of financial information remains one of the most lucrative options for cyber criminals, according to the report, and the average price for stolen UK credit and debit details ranges from $20 to $35.
The report stressed that the figures are estimates, but said that the average cost of online payment service account details is $200 to $300 for an account containing $5,000 to $8,000.
However, it is perhaps the sale of personal identity information that is of most concern. This information often includes names, addresses, email accounts and an extensive list of social media log-ins.
"A prospective buyer could take control of this individual's digital life: social media, email and more," the report said.
Interestingly, Intel Security revealed that cyber criminals now use legitimate web platforms to advertise products such as YouTube.
"Sellers who employ sophisticated sales and marketing efforts are leveraging YouTube to advertise their wares to potential customers," the report said.
"The videos often attempt to provide some degree of visual confirmation for prospective buyers that they can be trusted, although such approaches can backfire through comments associated with the videos."
Raj Samani, chief technical officer for Intel Security EMEA, explained that the cybercrime ecosystem has evolved quickly over the years.
"This cybercrime-as-a-service marketplace has been a primary driver for the explosion in the size, frequency and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay," he said.
Sean Sullivan, security advisor at F-Secure, told V3 there are two types of dark web market: anonymous user-based markets on the open web, and hidden service marketplaces accessible via technologies such as Tor.
"There are criminal forums that exist on the open web if you know where to look. Their users operate via anonymous handles and they use a variety of proxies to make their connections. Everything from DDoS services to credit card dumps are available in such forums. The motive is profit," he said.
"Then there are hidden service marketplaces. You'll also find cybercrime services for sale on such markets. But in addition, a lot more real-world contraband can be purchased."
However, the use of Tor means that these underground markets are difficult to police.
"When selling digital cyber services, the buyers and sellers aim to be anonymous. When the marketplace focuses on real-world goods, it also attempts to hide the location of its server, as such knowledge can help law enforcement in its investigations," Sullivan said.
Catalin Cosoi, chief security strategist at Bitdefender, told V3 that because these services operate on paltforms like Tor they are difficult to identify.
"There is no constantly updated list of black market websites that can be accessed by newcomers. Instead, these URLs are usually passed down between criminals via forums or other such gathering places and have limited availability," he said.
"Consequently, law enforcement has a hard time finding these websites and catching/identifying the ones operating them."
Furthermore, Cosoi indicated that the scope of illegal operations on the dark web far surpasses financial and identity theft.
"Some of the most common items that are sold on the dark web involve drugs, weapons and even criminal services such as contract hitmen," he told V3.
"An interesting aspect is that most of these websites have been known to have a great user interface, user reviews that offer insight into the quality of the products and of the vendor's services, and even customer support and home delivery."
The latest UK crime statistics revealed that that more than seven million frauds and cyber crimes are committed every year.
The findings come despite an overall decline in traditional crime by eight percent, suggesting that cybercrime has overtaken physical offences for the first time.
iPhone 8 specs, release date, price, features, basically everything! But will it have a curved display?
But there are three times as many CDOs as there were in 2014
Companies never used to hold big launch events to announce minor upgrades, did they?
Only 35 per cent of IT decision makers regularly review their data formats