Cyber Criminal Underground In The Deep Web

Uploaded on 2016-03-30 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new interesting report published by the experts at TrendMicro highlights the differences between the principal underground ecosystems worldwide.

Thinking of a unique “global” underground ecosystem is an error, every community has its own characteristics, the criminal crews that compose it are specialized in the provisioning of specific product and services.

The researchers who analyzed illegal activities in the Deep Web have identified at least six different cybercriminal ecosystems operating in Russia, Japan, China, Germany, in the United States and Canada (North America), and Brazil.

“Each country’s market is as distinct as its culture. The Russian underground, for instance, can be likened to a well-functioning assembly line where each player has a role to play. It acts as the German market’s “big brother” as well in that it greatly influences how the latter works. The Chinese market, meanwhile, boasts of robust tool and hardware development, acting as a prototype hub for cybercriminal wannabes. Brazil is more focused on banking Trojans while Japan tends to be deliberately exclusive to members.” states the report.    

The last report published by TrendMicro explains the differences, revealing the peculiarity of the offer in each ecosystem.

“Cybercriminals from every corner of the world take advantage of the anonymity of the Web, particularly the Deep Web, to hide from the authorities. Infrastructure and skill differences affect how far into the Deep Web each underground market has gone. Chinese cybercriminals, for instance, do not rely on the Deep Web as much as their German and North American counterparts do. This could, however, be due to the fact that the “great firewall” of China prevents its citizens (even the tech-savviest of its cyber-crooks) from accessing the Deep Web. The fact that Germany and North America more strictly implement cybercrime laws may have something to do with their greater reliance on the Deep Web, too.”

The Russian underground is defined “a well-functioning assembly line,” it is an ecosystem crowded by professional sellers that competing each other by providing goods in the shortest amount of time and most efficient manner possible. Marketplaces like fe-ccshop.su and Rescator that offer products and services for credit card frauds are very popular in the criminal underground worldwide.

These markets offer escrowing services or “garants,” that make them an important aggregator for the criminal demand, offering them a privileged environment where operate anonymously.

The Japanese underground is characterized by members only bulletin board systems, the criminals make large use of special jargon to evade the authorities. This market is characterized by the attitude in accepting more unusual kinds of payment, including gift cards and forum points instead of bitcoins or cash paid via money transfer.

The Chinese underground is focused on the provisioning of hardware several illegal activities rapidly responding to the cybercriminal demand.

“The Chinese underground is a teeming hub of prototypes. It not only sells the usual array of software and services found in its counterparts, but also hardware. It adapts the fastest to the latest in cybercrime trends and leads the way in terms of cybercriminal innovation. And true to its adaptive nature, it now boasts of uncommon offerings like leaked-data search engine privacy protection services that can only be dubbed “made in China,” states the report.

The North American underground is considered the most open to novices, it is visible to both cybercriminals and law enforcement, meanwhile the Canadian underground is focused on the sale of fake/stolen documents and credentials (fake driver’s licenses and passports, stolen credit card and other banking information, and credit “fullz” or complete dumps of personal information).

Germany’s underground is a subsidiary of the Russian one, the market heavy rely on DarkNets, the most popular forums use mirrors on the Tor Network. Deep Web.

Let’s close with the Brazilian underground, which is characterized by the presence of youngsters with no regard for the law. They use the Surface Web, exploiting popular social media for their activities.
The key findings of the study highlights:

The Japanese underground is the only market that does not focus on traditional crimeware. This underground scene caters more to the taboo.

The German underground takes cues from the Russian market.
    
The Chinese underground serves as a hotbed for crimeware (particularly hardware) prototypes.
    
For more details on the criminal ecosystem in the Deep Web give a look to the report “Cybercrime and the Deep Web”

Security Affairs:  http://bit.ly/25ushAz

« Swedish Police Investigate Media Cyber-Attacks
Shopping List: Cybersecurity Acquisitions In 2016 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Cybero

Cybero

Cybero offers professional corporate cybersecurity training tailored to your business requirements.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

U2opia Technology

U2opia Technology

U2opia is a consortium with a proven track record of delivering groundbreaking technology, cybersecurity, and innovative business solutions.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.