Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
According to Flashpoint’s annual research of the pricing trends seen on dark web marketplaces, a wide gamut of tools and service offerings are available for sale at an affordable cost. Last year’s dark web crime statistics revealed that dark web activity has increased by 300% since 2017. This is encouraging entry-level and intermediate hackers to conduct new attacks.
From ransomware exploit kits and legacy ransomware bundles to tailored phishing pages and RDP server access — the dark web marketplace is thriving as bad actors look for software and programs to commit fraud and cybercrime.
Dark Web Hacking Tools
Exploit kits for phishing, ransomware and others
During their research, Flashpoint researchers found various types of prepackaged exploit kits being sold on the marketplace. These automated tools allow hackers to first exploit websites and compromise visitors’ browsers to carry out their attacks. Below are the kits getting a regular stream of new listings.
Ransomware exploit kit
The cheapest among the lot, the ransomware exploit kit allows hackers to exploit known vulnerabilities in applications or systems. A hacker can use them to secretly launch attacks as victims are surfing the web to inject and execute some form of ransomware. Most ransomware exploit kits rely on an array of unique code obfuscation techniques to escape detection.
Legacy ransomware (bundle of 9 types)
Certain dark web sellers are also offering potent forms of ransomware in a bundle deal. These bundles contain some of the most dangerous file-encrypting malware that has terrorized companies in the past, like SamSam, XiaoBa, Satan, Maniber and more. And besides ransomware, the bundles include tutorials and guides on how to conduct attacks and even exploit specific vulnerabilities.
Tailored phishing page with tutorial
The name says it all. Hackers get a tutorial for creating a custom phishing page based on their target’s preferences. Victims are redirected to these pages by sending links and provoking them to click on the URLs. The hack intends to steal banking credentials, account passwords and other confidential information.
Office 365 exploit kit
This is the most expensive exploit kit on the dark web marketplace, and it’s easy to understand why. Being one of Microsoft’s most ubiquitous business products, Office 365 is protected by a range of advanced security technologies that are hard to exploit. As such, kits capable of crippling Office 365 defenses are classified as “premium” and often priced higher than other exploits. The kits typically work by setting up a phishing page or exploiting vulnerabilities in the Office 365 web portal.
DDoS-for-hire
The growth of DDoS-for-hire services comes at a time when distributed-denial-of-service attacks are becoming difficult to defend against. Considering how these services are priced (typically in the range of $20-$100 per day based on duration and bandwidth requirements), many hackers can afford to invest in them to cripple the defenses of their target organization.
The upper-tier DDoS-for-hire services include taking down larger websites via custom-crafting, which is necessary due to the widespread use of CDNs and DDoS protection improvements. In terms of popularity, DDoS-for-hire services that charge hourly rates take the top spot. Although booters remain prevalent, the need for customization and real-time support makes subscription choices more attractive to buyers.
Buyers can also purchase advanced DDOS-for-hire services that utilize scripts to bypass private OVH and Cloudflare implementations. And a fully managed package is also available for $165.
RDP with server access
Remote desktop protocol (RDP) clients and server software are also in demand. Attackers can use them to execute various attacks, including payment fraud, ATOs (account takeover attacks) and remain undetected while conducting their surveillance on security researchers and law enforcement agencies. Here’s a list of RDP clients and server access sold on the dark web.
Bank drop RDP via PayPal
Bank drops, or fraudulent bank accounts made using stolen credentials, have been used to support cash-outs and other fraud schemes in the past. Bank Drop RDP via PayPal is an exploit created using a clean RDP linked to a verified PayPal account. Hackers can use it to bypass the stringiest security measures banks have in place, with the PayPal account acting as a catalyst for account checks and other verification.
Hacked RDP
Some RDP sale items also include compromised RDP, which are predominately ports from infiltrated servers. Hackers can leverage these ports to move laterally across an organization’s network. Ports become vulnerable when they’re left open due to misconfigurations or oversight. And it doesn’t help that companies often leave RDP passwords as standard.
RDP, country-specific
Country-specific RDP can help hackers bypass geo-blocking and carry out attacks on local organizations and governments. Flashpoint pricing analysis revealed that these RDPs go for $26 and are helpful in specific cybercrime groups.
RDP global admin access
The least expensive RDP on the list is one with global admin access. Hackers can use this to steal the sensitive data of multiple private and public organizations. As the findings from Flashpoint’s research indicate, data like bank logs, payment card information and digital copies of government-issued IDs carry a decent price tag. Hackers can list the spoofed credentials on the dark web or even hold them and demand ransom from victim organizations.
Hands-on threat intel training
Learning about dark web hacking tools
As we have seen, the dark web marketplace is home to numerous tools that a hacker can purchase to carry out attacks. The information about dark web hacking tools is extremely valuable for law enforcement and companies who constantly strive to improve their security defenses. Additionally, pentesters can use this list to conduct ethical white hat hacking so that they can see vulnerabilities from a hacker’s point of view and address them before they’re exploited.
References
In this Series
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- What does dark web monitoring really do?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- Common causes of large breaches (Q1 2019)
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
- Past and Present Iran-linked Cyber-Espionage Operations
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage