RAND has published an interesting report on the cybersecurity black market. The report, “Markets for Cybercrime Tools and Stolen Data”, was sponsored by Juniper (direct link to pdf).
This report is good reading for any security professional and well worth a look!
Some highlights from the report
The hacker market has emerged as a playground of financially driven, highly organized, and sophisticated groups.
Black markets are organized and run for the purpose of cybercrime; they deal in exploit kits, botnets, Distributed Denial of Service (DDoS) attack services, and the fruits of crime (e.g., stolen credit card numbers, compromised hosts).
Gray markets, by our definition, are limited to the exchange of vulnerabilities and exploits, the discovery and development of which are not illegal per se (legitimate companies, for instance, often pay for information about vulnerabilities in their own products), but can nevertheless be troubling because they also complicate the life of system defenders.
Products include both goods (hacking tools, digital assets) and services (as-a-service hacking, digital asset handling).
The black market can be more profitable than the illegal drug trade: Links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible.
Links
- Juniper page, including link to webinar
- Webinar Insight Into the World of Hacker Economics