Black markets for cyber criminals are expanding and facilitating the development of cyber attacks against businesses and governments

Black markets for cyber criminals (darknets) are facilitating innovation and development of cyber attacks on businesses and governments, according to not-for-profit research organisation, RAND.

Greater anonymity capabilities in malware and a wider adoption of crypto-currencies, such as Bitcoin, will further support the lucrative underworld for hackers. As a result, experts predict the ability to stage a cyber attack will outpace the ability to defend against one.

RAND information systems analyst and lead author of RAND’s research report, Markets for Cybercrime Tools and Stolen Data, Lillian Ablon said: “What makes these black markets notable is their resilience and sophistication. Even though consumers and businesses have fortified their activities in reaction to security threats, cyber criminals have adapted.

“In certain respects, cyber crime can be more lucrative and easier to carry out than illegal drug trade.”

The report found hackers are trading the tools and spoils from online criminal activity such as malicious software that can create, distribute and manage attacks, and botnets, which are compromised or infected computers, controlled remotely.

Stolen data can also be purchased on darknets, as was the case in December 2013 when US retail giant, Target, found the data of approximately 40 million credit cards and 70 million user accounts available for purchase within days of it being stolen. Since the breach was discovered, a string of class action lawsuits have been filed against the retailer by affected banks and individuals.

RAND’s research involved more than two dozen interviews with cyber security and related experts, including academics, security researchers, news reporters, security vendors and law enforcement officials.

The report makes recommendations to fight the growth and success of cyber crime, including the exploration of lawfully counter-attacking hackers and buying back stolen data.