Russian Site is One-Stop Shop for Cyber-Crime

Uploaded on 2016-09-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber situational awareness company Digital Shadows has unearthed an “all-in-one” outsourced online shop for cyber-criminals looking for low-cost entry methods to sell their ill-gotten assets.

The firm estimates the total number of shops hosted on Russian-language site Deer.io to be close to 1000, the majority of which selling products that are stolen or from compromised accounts. This is despite administrators insisting they warn their hosted shops not to sell illegal goods and deny all responsibility for any illegal items advertised.

However, the site has been detected as advertised on well-known criminal forums such as Xeksek, AntiChat, Zloy and Exploit, raising suspicions that organizers may be willing to turn a blind eye to some activity and listings.

“This is the continuation of a trend that we’ve been seeing for some time where the barriers to entry for cyber-criminals continue to be lowered,” James Chappell, founder and CTO of Digital Shadows, told Infosecurity. “In particular, this development improves the ability for criminals to sell much more readily.”

Deer.io offers services such as technical hosting including anonymity and security, payment handling, website design and distributed denial of service protection; things that hackers with little or no technical expertise often struggle to orchestrate themselves, so by providing them Deer.io is likely to be very attractive to users with low-technical capabilities, says Digital Shadows.

Chappell explained that this is the first time they have come across this type of ‘all-in-one’ outsourced online shop which provides hosting, design and a payment solution.

“It’s fair to say that the fact that all of these support services are wrapped into a one-stop shop marks a change and is a step up in terms of maturity in the marketplace. It’s also interesting to note that this exists on the surface web, which is a reminder that the dark web does not monopolize criminality.”

Deer.io also clearly seems to be a successful, profitable setup, claiming to have helped to generate more than 240 million rubles (RUB) (around $3.8 million USD) for its customers since at least October 2013. It charges a monthly fee of 500 RUB (approximately $8) to provide customer service and product development, and was observed giving prompt responses to queries. The breadth of offerings and responsiveness almost certainly contribute to the apparent popularity of the service.

Furthermore, the automatic payment system provided – available for Webmoney, Yandex Money and QIWI – enables transactions to occur 24/7 without requiring constant vendor attention.

“The ‘hands off’ nature of the way shops are run simply means criminal transactions can continue uninterrupted. The site seems to have focused on a high level of customer service,” Chappell added.

Infosecurity: http://bit.ly/2afwOy6

« CIA Sees Intel Data Flood As Both A Benefit And A Danger
Internet of Things Will Turn Hacks Into Disasters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Socura

Socura

Socura helps make the digital world a safer place; changing the way organisations think about cyber security through a dynamic, innovative, and human approach.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.