Skip to main content

Kaspersky finds botnet prices starting at $100 on dark web market

3 July 2024

Kaspersky Digital Footprint Intelligence experts analyzed botnet sales on the dark web and shadow Telegram channels, and discovered that attackers can acquire ready-made solutions starting at $99. Besides one-time purchases, botnets can be hired or acquired as leaked source code for a symbolic price. In some cases, custom botnet development is also available.

A botnet is a network of devices infected with malware, ranging from smart toothbrushes to advanced industrial internet devices that attackers use to organize automated mass attacks such as DDoS. “Mirai is one of the most infamous examples of a botnet. It scans the internet for IoT devices with weak default passwords, uses a set of known default credentials to gain access, and infects them. The infected devices then become part of the botnet, which can be controlled remotely to perform various types of cyberattacks,” explains Alisa Kulishenko, security analyst at Kaspersky Digital Footprint Intelligence.

Botnets like Mirai are created by cybercriminals to sell and have individually tailored infection processes, malware types, infrastructure, and evasion techniques. The fraudsters sell them to other criminals on the shadow market, with botnet prices depending on quality; this year the lowest offers started at $99 and the highest reached $10,000. 

bb

An example of a dark web offer featuring a botnet for sale

Botnets are also available for hire. Prices range from $30 to $4,800 per month. “Potential earnings from attacks using botnets for hire or sale can exceed the associated costs. They allow for activities such as illegal cryptocurrency mining or ransomware attacks, and more. Open sources report that an average ransom payment is two million U.S. dollars! In contrast, renting a botnet costs significantly less and can pay off with just one successful attack,” adds Alisa Kulishenko. Since the beginning of 2024, Kaspersky experts have observed more than 20 offers for botnets for hire or sale on dark web forums and Telegram channels.

Other options: leaked bots and custom development 

Besides purchasing a ready-made solution, there are cheaper ways for nefarious actors to access botnets. Just as legitimate data can be leaked, the source code of a botnet can also be publicly released by malicious actors. Access to this leaked source code can be obtained for free or a fee of $10 to $50, based on information from approximately 400 dark web and shadow Telegram posts observed since the beginning of 2024. However, leaked botnets are generally considered an option for less sophisticated actors, as they are more likely to be detected by security solutions.

A threat actor can commission a botnet to be developed from scratch. Development costs start at $3,000 and are not confined to any specific price range. “Most of these deals occur privately, through personal messages, and partners are typically chosen based on reputation, such as forum ratings,” elaborates Alisa Kulishenko. 

b

To avoid threats related to cybercriminal activities in the shadow internet, it is worth implementing the following security measures:

  • Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary’s view of their company resources and promptly discover the potential attack vectors available to them. This also helps raise awareness about existing cybercriminals threats to adjust your defenses accordingly or take counter and elimination measures in a timely manner.
  • Choose a reliable endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.

Kaspersky finds botnet prices starting at $100 on dark web market

Kaspersky Digital Footprint Intelligence experts analyzed botnet sales on the dark web and shadow Telegram channels, and discovered that attackers can acquire ready-made solutions starting at $99. Besides one-time purchases, botnets can be hired or acquired as leaked source code for a symbolic price. In some cases, custom botnet development is also available.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases