Zero-Day Exploits Provide an Inside Look at the Cybercriminal Black Market
The Cyber Black Market: While it sounds like something out of a cheesy Hollywood movie, it is a real and thriving commercial hub built on the trade of hacking tools. Almost daily, reports surface that new zero-day exploits are being bought and sold in the underground marketplace, with price tags that typically range from $50,000 to $200,000.
Our team at McAfee Labs pays close attention to these reports, because zero-day exploits are, by nature and by name, brand new – never before seen in the wild. This means that the attack occurs on day zero of awareness of the threat, and that developers have had zero days to address and patch the vulnerability. This leaves systems at risk until a security update can be released to users.
The Bigger Picture: A Web of Illegal Online Commerce
While a few recent exploits have certainly thrown the cyber black market into the spotlight, the concept is not new to those of us in the security industry. It’s no exaggeration to say that we’re looking at the next frontier of organized crime, quickly creeping up on the illicit drug trade as one of the most lucrative criminal enterprises in the world. In 2011 alone, the trade of personally identifiable information like credit card numbers, email addresses, and phone numbers, earned hackers a cool $388 billion.
Particularly in Russia, hackers can now make a substantial living by building and selling malicious software known as malware. Just how easy is it for bad guys to get their hands on dangerous material? You might be surprised. A basic Distributed Denial-of-Service (DDoS) attack, which can completely paralyze critical websites and computers, may cost just $10 per hour – about the same as a light lunch.
ZeuS, a notorious financial services Trojan, is also sold on the black market. It allows hackers to siphon off passwords or steal confidential documents for the low, low price of $300. Even inexperienced hackers can buy their way into the game by purchasing sophisticated tools from seasoned professionals. For just $200, Average Joe down the street could launch a large-scale email phishing scam to install malware on all his neighbors’ PCs.
And for those hackers on a budget, there are plenty of free tools available online for creating malware along with “How To” videos on YouTube.
The Good News: All is not lost!
Users at home can take a bite out of cyber crime. There are a few simple steps that can help keep your computer and personal information safe.
- Use Security Software. The most important thing you can do to keep your computer safe is to install and keep up to date security software, which will help protect your computer from viruses, spyware, Trojans and other malware. Programs like McAfee All Access can both scan and remove viruses on computer and mobile devices as well as monitor for suspicious activity.
- Update Often. Equally important is making sure ALL software on your computers and mobile devices are up-to-date. While it may be tempting to put off a download for another day, many hardware and software updates contain critical security patches.
- Use Safe Search. There are lots of products available to notify you that you are going to a website that likely has malicious software that can be downloaded to your computer. SiteAdvisor is a free tool from McAfee that color codes your search results and social media links to protect you from going to bad websites.
- Know what to do if your information is stolen. If you suspect that any of your confidential information is at risk, acting quickly is the best way to limit the damage. From monitoring your accounts for unusual activity to creating an Identity Theft Report in the case of a serious breach, the FTC has put together detailed guidelines to help users take a stand against cyber crime.
For more information on this topic and other cyber security trends, be sure to follow our team on Twitter with @McAfeeConsumer.