Cyber criminals are using black markets to generate new business opportunities by selling access to compromised PCs, Cybereason CISO Israel Barak told ThreatPost.
“Multiple cybercrime organizations have diversified their business by selling compromised machines or compromised corporate assets on black market platforms,” Barak told the news site.
Attackers who specialize in commodity threats like click-fraud programs have discovered that access to the infected machines can be sold as a resource, explained Barak, who also presented a talk at Black Hat on the same topic.
Barak also explained the economics behind this new development. PCs that are infected with the right kind of programs, such as point-of-sale software, can sell for $1,000 per machine compared to a basic PC, which is priced around $10. Criminals can search black markets like xDedic for machines from specific verticals, geographies and processing abilities, among other search variables, he said.
Cybereason has found that approximately 100,000 computers are for sale on underground markets and that there are around a dozen of these platforms earning between $150,000 and $250,000 per day on these transactions.
“Crooks selling time on hijacked PCs for DDoS attacks and Bitcoin mining used to sell batches of a 1,000 PCs for $200 a day. By linking up with a platform such as xDedic they can sell each machine for $10 to $1,000,” Barak said to ThreatPost.