Russian Site is One-Stop Shop for Cyber-Crime

Uploaded on 2016-09-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber situational awareness company Digital Shadows has unearthed an “all-in-one” outsourced online shop for cyber-criminals looking for low-cost entry methods to sell their ill-gotten assets.

The firm estimates the total number of shops hosted on Russian-language site Deer.io to be close to 1000, the majority of which selling products that are stolen or from compromised accounts. This is despite administrators insisting they warn their hosted shops not to sell illegal goods and deny all responsibility for any illegal items advertised.

However, the site has been detected as advertised on well-known criminal forums such as Xeksek, AntiChat, Zloy and Exploit, raising suspicions that organizers may be willing to turn a blind eye to some activity and listings.

“This is the continuation of a trend that we’ve been seeing for some time where the barriers to entry for cyber-criminals continue to be lowered,” James Chappell, founder and CTO of Digital Shadows, told Infosecurity. “In particular, this development improves the ability for criminals to sell much more readily.”

Deer.io offers services such as technical hosting including anonymity and security, payment handling, website design and distributed denial of service protection; things that hackers with little or no technical expertise often struggle to orchestrate themselves, so by providing them Deer.io is likely to be very attractive to users with low-technical capabilities, says Digital Shadows.

Chappell explained that this is the first time they have come across this type of ‘all-in-one’ outsourced online shop which provides hosting, design and a payment solution.

“It’s fair to say that the fact that all of these support services are wrapped into a one-stop shop marks a change and is a step up in terms of maturity in the marketplace. It’s also interesting to note that this exists on the surface web, which is a reminder that the dark web does not monopolize criminality.”

Deer.io also clearly seems to be a successful, profitable setup, claiming to have helped to generate more than 240 million rubles (RUB) (around $3.8 million USD) for its customers since at least October 2013. It charges a monthly fee of 500 RUB (approximately $8) to provide customer service and product development, and was observed giving prompt responses to queries. The breadth of offerings and responsiveness almost certainly contribute to the apparent popularity of the service.

Furthermore, the automatic payment system provided – available for Webmoney, Yandex Money and QIWI – enables transactions to occur 24/7 without requiring constant vendor attention.

“The ‘hands off’ nature of the way shops are run simply means criminal transactions can continue uninterrupted. The site seems to have focused on a high level of customer service,” Chappell added.

Infosecurity: http://bit.ly/2afwOy6

« CIA Sees Intel Data Flood As Both A Benefit And A Danger
Internet of Things Will Turn Hacks Into Disasters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

International Association of Professional Security Consultants (IAPSC)

International Association of Professional Security Consultants (IAPSC)

Members of the IAPSC represent a unique group of respected, ethical and competent security consultants.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

BlueAlly

BlueAlly

BlueAlly helps clients scale, optimize, and manage their IT resources to reach their business goals.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.

Axiotrop

Axiotrop

AXIOTROP is a Cybersecurity firm offering leading services in assessment, remediation, and validation to protect the confidentiality, integrity, and availability of regulated information.