{"uuid": "5812b9f3-ae7a-4832-a717-58182e0defb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/15024", "content": "http://feedproxy.google.com/~r/Securityweek/~3/XBNDgTtf0k8/you-can-ddos-organization-just-10-hour-cybercrime-report\n\nThe cost of having an organization targeted by a distributed denial of service (DDoS) attack for an hour is as low as $10, cybersecurity firm Armor says.\nThe low cost of launching such attacks results from the proliferation of cybercrime-as-a-service, one of the most profitable business models adopted by cybercriminals over the past years. It allows criminals-wannabe to employ the resources of established cybercriminals for their nefarious purposes, including malware distribution, DDoS-ing, spam, and more. \nAll that miscreants have to do is to access underground markets or forums and hire the desired cybercrime service to conduct the malicious actions for them. And while the incurred financial losses total billions or even more for affected organizations, the price of hiring such a service is highly affordable to anyone. \nAccording to Armor\u2019s The Black Market Report (https://event.on24.com/wcc/r/1630121/C5E9D26D11A30024CBB36E365850C694?partnerref=news): A Look into the Dark Web (PDF), anyone can DDoS an organization for only $10 an hour or $200 per day. Remote Desktop Protocol (RDP) access for a system for three months costs only $35. \nThe data was collected through the analysis of dozens of online underground markets and forums during the fourth quarter of 2017 and reveals a slight increase in prices compared to a couple of years ago. Considering how powerful DDoS attacks have become lately, however, the cost of launching an attack remains incredibly low.\nDDoS-for-hire services, however, are only one example of how cheap cybercrime services are on the dark web. The Disdain exploit kit could be rented for $80 a day, $500 a week or $1,400 a month, Armor has discovered. A botnet capable of webinject and other nefarious actions was available at $750 or $1,200 a month, with support available at an extra $100 or $150 a month.\n\u201cWhen source code is offered, there is a trend toward offloading risk by selling malware or exploit code to someone else and then selling support as well. In the spirit of helping others, some sellers have taken to hawking hacker tutorials and known exploits in bundles at relatively low cost, most likely to low-skill hackers known as script kiddies,\u201d the security firm says. \nArmor's researchers found a Microsoft Office exploit builder targeting the CVE-2017-0199 vulnerability available at $1,000. A banking Trojan license, on the other hand, was available at $3,000 to $5,000, while a remote access Trojan was seen selling for $200. \nOn underground forums, buyers can also find code-signing certificates (a Class 3 code-signing certificate was selling for $400, while an Extended Validation (EV) certificate was offered for $2,500), account hacking programs (for as low as $12.99), WordPress exploits (at $100), password stealers ($50), Android malware loader ($1,500), ATM skimmers ($700 - $1,500), and various other tools as well. \nCredit card skimmers and magnetic stripe readers were found selling for as little as $700 and $450, respectively. Credit card data is available for purchase as well, with prices starting as low as $7 for US Visa cards. \nCard numbers sold with additional identifying information are a bit more expensive: $18 vs $10-$12 at the same vendor. Customers looking to verify the bank information number (BIN) may be charged as much as $15 for the operation, Armor has discovered. American Express and Discover card numbers were available at $12 to $17 with BIN verification. \nThe cost of credit card information was also influenced by the credit limit on the card: one with a $10,000 limit was available at $800, while another with a $15,000 limit was $1,000. Access to bank accounts too is priced in line with the available balance, ranging from $200 to $1,000 for accounts at Wells Fargo, JPMorgan Chase and Bank of America with balances between $3,000 and $15,000.", "creation_timestamp": "2018-03-22T18:34:43.000000Z"}