So a RIG manager sells the exploits both directly and to other resellers for a variety of prices.
The resellers then also sell to other hackers, likely for a higher price.
Mador explained that it's "very difficult to get in" to these forums.
Trustwave's VP of Security Research Ziv Mador has put together a presentation he gives to customers so they can get a better handle on how to protect themselves.
As he put it, it's just a "glance of what we find." But Mador has given Business Insider an exclusive look at the wheeling and dealing of hackers inside this secretive world — check it out below.
Much like the fine-tuned systems of mafias and gangs that act almost identically to businesses, hackers have also created their own extremely intricate systems — and the scale of their operations is astounding.
And how do hackers carry out their internal dealings with one another so as not to step on each other's toes?
So a hacker can rent the use of this kit for either a day, a week or a month, from anywhere from to 0.
0 may seem like a lot, but Mador assures us "it's really not a big expense." RIG's business model operates much like retail does, with a warehouse and resellers.The advertisement is written in Russian, but Trustwave translated the important parts.For instance, RIG brags that its exploit has the "ability to exploit large volumes of traffic." The pricing of these exploit kits are based on rental fees.Or, as Mador puts it, an "invisible web application that uses a cocktail of exploits." Exploit kits have become preferred by cybercriminals because of their heightened success rate.Before, an average of 10% of users were successfully hacked, but with new and better exploit kits being made the success rate has risen to as much as 40%.The information security company Trustwave has been doing just this for years.