Full Report
The cost to hire a hacker can be incredibly cheap. Use this cybersecurity guide to learn about the major activities of hackers.
Analysis Summary
# Main Topic
The low and often surprisingly cheap cost of hiring hackers for various illicit activities available on the Dark Web, demonstrating the accessibility of cybercrime services.
## Key Points
- Hacker-for-hire services are abundant on the Dark Web, often utilizing cryptocurrency for anonymous payments.
- The cost structure for services varies, including flat rates, hourly rates, or monthly retainers.
- Services range from technical attacks (DDoS) to personal sabotage and academic fraud.
- Research from Crowe and Avast highlights the scale of the Dark Web marketplace, indicating ease of recruitment.
## Threat Actors
- **General Hackers for Hire:** Individuals or groups offering specialized cyber services for payment. (No specific named threat actor groups were attributed to the services discussed.)
- **Motivation:** Financial gain, servicing client requests (e.g., revenge, sabotage, cheating).
## TTPs
The document outlines several types of services offered by these actors:
- **Distributed Denial-of-Service (DDoS) Attacks:** Ranging from targeting unprotected websites (10-50k requests/sec for 1 hour) to premium protected sites for 24 hours.
- **Search Engine Manipulation:** Changing search result rankings (raising or lowering site rankings).
- **Content Removal:** Removing user-posted content from social networks.
- **Website Security Audits:** Identifying and potentially exploiting vulnerabilities.
- **Personal Attacks/Defamation:** Actions resulting in financial sabotage, legal trouble, or public defamation. A tactic mentioned includes framing a victim as a buyer of child pornography.
- **Credential/Information Theft:** Gaining access to personal information, addresses, phone numbers, emails, and relatives' names.
- **Academic System Intrusions:** Hacking into school/university databases to alter grades or steal exam answers.
- **Attacking Scammers:** Although less common, some offer "scammer revenge" or "fraud tracking."
## Affected Systems
- Websites (protected and unprotected)
- Social Network platforms (for content removal)
- School/University Grading Software Databases
- General Personal Information Databases/Records
## Mitigations
- **Vigilance:** Individuals and businesses must remain constantly vigilant regarding the dangers posed by low-cost hacking services.
- **Information Monitoring:** Monitor resources like the Dark Web Price Index to track trends in attack pricing and services.
- **Employee Awareness Training:** Implement cybersecurity awareness programs for personnel.
- **Robust Antivirus Measures:** Deploy and maintain strong endpoint protection solutions.
- **Penetration Testing:** Proactively conduct penetration testing to identify and remediate organizational vulnerabilities.
- **Ethical Hacking:** Employ ethical hackers to simulate attacks and secure systems before malicious actors exploit weaknesses.
## Conclusion
The accessibility and low entry cost for hiring hackers represent a significant and pervasive threat, requiring organizations and individuals to adopt a multi-layered and proactive defense strategy focused on awareness, technical hardening, and continuous validation of security posture.