Cyber Criminal Underground In The Deep Web
A new interesting report published by the experts at TrendMicro highlights the differences between the principal underground ecosystems worldwide.
Thinking of a unique “global” underground ecosystem is an error, every community has its own characteristics, the criminal crews that compose it are specialized in the provisioning of specific product and services.
The researchers who analyzed illegal activities in the Deep Web have identified at least six different cybercriminal ecosystems operating in Russia, Japan, China, Germany, in the United States and Canada (North America), and Brazil.
“Each country’s market is as distinct as its culture. The Russian underground, for instance, can be likened to a well-functioning assembly line where each player has a role to play. It acts as the German market’s “big brother” as well in that it greatly influences how the latter works. The Chinese market, meanwhile, boasts of robust tool and hardware development, acting as a prototype hub for cybercriminal wannabes. Brazil is more focused on banking Trojans while Japan tends to be deliberately exclusive to members.” states the report.
The last report published by TrendMicro explains the differences, revealing the peculiarity of the offer in each ecosystem.
“Cybercriminals from every corner of the world take advantage of the anonymity of the Web, particularly the Deep Web, to hide from the authorities. Infrastructure and skill differences affect how far into the Deep Web each underground market has gone. Chinese cybercriminals, for instance, do not rely on the Deep Web as much as their German and North American counterparts do. This could, however, be due to the fact that the “great firewall” of China prevents its citizens (even the tech-savviest of its cyber-crooks) from accessing the Deep Web. The fact that Germany and North America more strictly implement cybercrime laws may have something to do with their greater reliance on the Deep Web, too.”
The Russian underground is defined “a well-functioning assembly line,” it is an ecosystem crowded by professional sellers that competing each other by providing goods in the shortest amount of time and most efficient manner possible. Marketplaces like fe-ccshop.su and Rescator that offer products and services for credit card frauds are very popular in the criminal underground worldwide.
These markets offer escrowing services or “garants,” that make them an important aggregator for the criminal demand, offering them a privileged environment where operate anonymously.
The Japanese underground is characterized by members only bulletin board systems, the criminals make large use of special jargon to evade the authorities. This market is characterized by the attitude in accepting more unusual kinds of payment, including gift cards and forum points instead of bitcoins or cash paid via money transfer.
The Chinese underground is focused on the provisioning of hardware several illegal activities rapidly responding to the cybercriminal demand.
“The Chinese underground is a teeming hub of prototypes. It not only sells the usual array of software and services found in its counterparts, but also hardware. It adapts the fastest to the latest in cybercrime trends and leads the way in terms of cybercriminal innovation. And true to its adaptive nature, it now boasts of uncommon offerings like leaked-data search engine privacy protection services that can only be dubbed “made in China,” states the report.
The North American underground is considered the most open to novices, it is visible to both cybercriminals and law enforcement, meanwhile the Canadian underground is focused on the sale of fake/stolen documents and credentials (fake driver’s licenses and passports, stolen credit card and other banking information, and credit “fullz” or complete dumps of personal information).
Germany’s underground is a subsidiary of the Russian one, the market heavy rely on DarkNets, the most popular forums use mirrors on the Tor Network. Deep Web.
Let’s close with the Brazilian underground, which is characterized by the presence of youngsters with no regard for the law. They use the Surface Web, exploiting popular social media for their activities.
The key findings of the study highlights:
The Japanese underground is the only market that does not focus on traditional crimeware. This underground scene caters more to the taboo.
The German underground takes cues from the Russian market.
The Chinese underground serves as a hotbed for crimeware (particularly hardware) prototypes.
For more details on the criminal ecosystem in the Deep Web give a look to the report “Cybercrime and the Deep Web”
Security Affairs: http://bit.ly/25ushAz