Botnet sold from 100 dollars on the dark web

Experts at Kaspersky Digital Footprint Intelligence analysed botnet sales on the dark web and illegal Telegram channels and discovered that perpetrators can obtain ready-made solutions from as little as $99. In addition to individual purchases, botnets can be rented or acquired as leaked base code for a nominal price. In some cases, custom botnet development is also available.

"A botnet is a network of devices infected with malware, from smart toothbrushes to advanced industrial internet devices, which perpetrators use to orchestrate automated mass attacks such as DDoS. "Mirai is one of the most notorious examples of a botnet. It scans the internet for IoT devices with weak default passwords, uses a set of known default credentials to gain access and infects them. The infected devices then become part of the botnet, which can be remotely controlled to perform various types of cyberattacks," explains Alisa Kulishenko, security analyst at Kaspersky Digital Footprint Intelligence.

Botnets such as Mirai are created by cybercriminals to sell and distribute customised infection procedures, malware types, infrastructure and evasion techniques. The scammers sell them to other criminals on the illegal market, with botnet prices depending on quality; this year the lowest bids started at $99 and the highest bids reached $10,000.

Botnets are also available for rent. Prices range from $30 to $4,800 per month. "The potential profits from attacks using botnets for rent or sale can exceed the associated costs. They enable activities such as illegal cryptocurrency exploitation or ransomware attacks and more. Sources report that an average ransom payment amounts to two million dollars! In contrast, renting a botnet costs significantly less and can pay off with a single successful attack," adds Alisa Kulishenko. Since the beginning of 2024, Kaspersky experts have observed more than 20 offers for botnets for rent or sale on dark web forums and Telegram channels.

Other options: leaked bots and custom development

Apart from buying a ready-made solution, there are cheaper ways to access botnets from malicious actors. Just as legitimate data can be leaked, the source code of a botnet can also be made public by malicious actors. Access to this leaked code can be obtained for free or for a fee of $10 to $50, based on information from about 400 dark web and shadow Telegram posts observed since early 2024. However, leaked botnets are generally considered an option for less experienced actors, as they are more likely to be detected by security solutions.

A threat actor can take over the development of a botnet from scratch. Development costs start at $3,000 and are not limited to a specific price range. "Most of these deals are done privately, through personal messages, and partners are usually selected based on reputation, such as forum reviews," Alisa Kulishenko clarifies.

To avoid the threats associated with criminal cyber-attacks on the dark web, it is worth implementing the following security measures:

• Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary's view of company resources and immediately discover the potential attack channels available to them. This also helps raise awareness of existing cybercriminal threats so you can adjust your defenses accordingly or take timely countermeasures and remediation measures.
• Choose a trusted endpoint security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection and anomaly checking capabilities for effective protection against known and unknown threats.