Potential dangers in e-commerce

Among the various illegal products sold on the dark web, some of the most notable are services for hackers to try malware or denial of service (DDOS) attacks, which can cause large-scale online traffic disruptions and website outages. A June 2022 study found that a high-quality malware attack can sell for $5,500 per 1,000 installations on a dark market or vendor. Conversely, a DDOS attack on an unprotected website that lasts for a month has an average price of $850.

As of November 2021, Dark0de, Torrez, and OpenRoad are the darknet markets with the most listings. Dark0de offers over 69,100, while Torrez offers approximately 57,300. A dark market is an online marketplace that operates on the dark web.

Dark0de is one of the darknet markets with the most fraudulent resources. As of November 2021, nearly 23% of listings offer illegal products or services involving fraudulent methods, bank account logins, stolen identities, counterfeit money, etc. On the Torrez site, fraudulent resources account for 14.5% of the total.

On these markets, darknet sellers offer stolen passports in physical format, which can go for $6,500 if they are Maltese citizens, and around $3,800 if they are EU passports such as France, the Netherlands, Poland or Lithuania. Other illegal digital products for sale include hacked social media accounts and social media followers, which can go for as little as $4 per 1,000 followers on Instagram or Twitch, credit card details, e-wallets and cryptocurrency verified accounts, and many other types of hacked accounts. The list of products available on the darknet is endless.

Major e-commerce platforms, including some of the world’s highest-grossing companies, are perfect targets for threat actors in all parts of the web. One of the strategies fraudsters use to cash in on the good name of legitimate online retailers and marketplaces is called “domain spoofing.” It involves creating a website that resembles some of the most established brands on the market, mimicking their domain names to gain access to information from unsuspecting customers. Chinese platforms Taobao and Alibaba were found to be among the most spoofed e-commerce domains in the world, with nearly 5,000 fake websites each.

To operate, e-commerce companies store databases and intranets on the deep web. Hackers may find vulnerabilities in these repositories and illegally retrieve private data, such as administrator logins, to exploit themselves or sell on the dark web. By the end of 2022, companies such as Wayfair or Aliexpress had more than 4,000 employee credentials leaked in the deep web. By tracking mentions of their brands on the deep web, e-commerce companies can monitor the interest of dark agents in hacker forums and implement countermeasures to prevent future data breaches and other cybersecurity threats.