A Quick Tour Of Cybercrime’s Underground

Uploaded on 2017-03-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

One of the strange features of cybercrime is how much of it is public. A quick search will turn up forums and sites where stolen goods, credit cards and data are openly traded. But a glance into those places may not give you much idea about what is going on.

"Everyone can join as long as you speak Russian," said Anton, a malware researcher at security firm SentinelOne, who has inhabited this underground world for more than 20 years.

"By Russian I mean the USSR, so there is Ukrainians, there is Kazakhstan, there is Belarus. The Romanians are doing all the dirty work like spam and maintenance so they are not really involved in developing malware," he said. "But, today, is it mainly Russian? Yes."

Those vibrant underground marketplaces have a long history and Anton adds that he tracks the malware makers to gain insights into what they might do next.

Analysis

Tony Rowan, chief security consultant at SentinelOne, which employs Anton to log what happens on crime forums and dark web marketplaces.

"It gives us an insight into the directions these communities are taking.

"We have to monitor these to understand what they are doing, the success they are having and what they are about to do next.

"You have to be prepared rather than just sit back and wait for it to happen to you. It's essential for us to have this kind of contact because without it we are blind."

Rick Holland, strategy head at security firm Digital Shadows, which tracks online hacker groups.  "There's a lot of criminality going on in the open web, particularly when you get into the Russian federation. They do not need to be on the dark web. Some are quite brazen and quite public whereas others have a much higher level of operational security.

"If we are tracking a criminal location and we find chatter about our clients that can be of value," he said. "In the longer term it's what's coming over the horizon. What are they dialing-up next?

"It's not trivial to do something like that, it's definitely not easy to do although I think there's definitely value in working out what they are doing."

The underground changed after the millennium turned and e-commerce took off. Forums popped up that talked about how to cash in via spam, phishing, malware and web attacks.

There was another big shift in 2007-08, said Anton, as the criminals sought a way to fleece people that gave better returns than the cruder techniques. The first wave, which started the modern era of cybercrime, used fake anti-virus software.

"They installed some really, really poorly written software on your machine," he said, explaining the scam. "It looked like anti-virus but it actually does nothing.

"It tells you: 'We just scanned your PC and we have found many problems. You need to fix it now, you need to buy this software. It only costs $35-40 (£28-32)'," he said.

This worked better than earlier scams, said Anton, but it took a lot of effort to catch people out and get them to pay.

Often, he said, when people paid via a credit card they reversed the transaction once they found out they had been tricked. Conversion rates, meaning the number of victims who handed over cash, stayed low.

"This meant they must do something better, something more scary."

Frightened people pay up, said Anton, adding that this drove the next evolution: lockers. "What they do is they attack your browser and put up a big page on your main desktop, saying you were found with illegal child pornography or something very, very scary," he said.

"People got afraid saying 'OK, maybe one of my kids did it, maybe, I'm not sure, I'll pay',".

The one-page attacks asked for more money, up to $200 (£160), and proved so successful that many police forces issued warnings that urged people not to pay.

The success, and also the publicity, forced the next stage of crime-ware - ransomware, Anton explained. "I call it an evolution because the same people that did the fake anti-virus before are doing ransomware now. And they were doing the fake police page in the years between 2010 and 2013," he said.

Ransomware has the best conversion rate, he said, because victims cannot ignore its effects.

"It's real damage so that you can see that your files are no longer working. And that's the best proof for the user that he must pay," he said.

Never Stop

Its rise has also been helped by the advent of virtual currency Bitcoin, because it has few of the drawbacks of credit cards or other payment systems.

"Today you cannot talk about ransomware without mentioning Bitcoin because that's what made this evolution come," said Anton.

The damage is not just limited to the amount people pay. Estimates from the FBI suggest that the 992 cases of ransomware carrier Cryptowall reported during a 14-month period cost victims $18m (£14.4m). Some of the cost was in the ransom, up to $10,000 (£8,000), but this was multiplied by lost productivity, legal fees and work done to remove the infections.

It is popular, he said, because of another shift in the way that the underground is organised. In the past the groups writing the malware sent the spam, analysed the results and fleeced the victims. Not any more, he said. Now, many groups writing ransomware run it as a service.

"They will give you the software with your affiliate ID so if you spread it they will know that it's from you and you will get a payout," he said. "You will get 70% and they will get the 30% out of each payment."

Competition among ransomware writers means some other groups give better returns.

But, he said, those groups may be producing poorly-written malware that struggles to get past the digital defences people and businesses use.

The evolution of the underground has hit a peak with ransomware and Bitcoin, said Anton, and their combined success has kicked off a gold rush.

"It's getting more and more people attracted to it, like from the criminal side. More and more people are starting to spread it."

They will not stop, either, he said. "I think if you get easy money and it just keeps coming, why not continue it, right? It's obvious."

BBC

UK Fraud Hits £1.1bn As Cyber Crime Soars:

The Dark Web Is Hidden In Plain Sight:

 

 

« Flight Ban On Laptops 'sparked by IS threat'
Security & Encryption After Edward Snowden »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Juniper Networks

Juniper Networks

Juniper Networks is the industry leader in network innovation. We provide network infrastructure and network security solutions.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Industry IoT Consortium (IIC)

Industry IoT Consortium (IIC)

The Industry IoT Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Cambridge International Systems

Cambridge International Systems

For more than 25 years, Cambridge has been fighting bad actors in both the cyber and physical worlds.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.