Russian Site is One-Stop Shop for Cyber-Crime

Uploaded on 2016-09-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber situational awareness company Digital Shadows has unearthed an “all-in-one” outsourced online shop for cyber-criminals looking for low-cost entry methods to sell their ill-gotten assets.

The firm estimates the total number of shops hosted on Russian-language site Deer.io to be close to 1000, the majority of which selling products that are stolen or from compromised accounts. This is despite administrators insisting they warn their hosted shops not to sell illegal goods and deny all responsibility for any illegal items advertised.

However, the site has been detected as advertised on well-known criminal forums such as Xeksek, AntiChat, Zloy and Exploit, raising suspicions that organizers may be willing to turn a blind eye to some activity and listings.

“This is the continuation of a trend that we’ve been seeing for some time where the barriers to entry for cyber-criminals continue to be lowered,” James Chappell, founder and CTO of Digital Shadows, told Infosecurity. “In particular, this development improves the ability for criminals to sell much more readily.”

Deer.io offers services such as technical hosting including anonymity and security, payment handling, website design and distributed denial of service protection; things that hackers with little or no technical expertise often struggle to orchestrate themselves, so by providing them Deer.io is likely to be very attractive to users with low-technical capabilities, says Digital Shadows.

Chappell explained that this is the first time they have come across this type of ‘all-in-one’ outsourced online shop which provides hosting, design and a payment solution.

“It’s fair to say that the fact that all of these support services are wrapped into a one-stop shop marks a change and is a step up in terms of maturity in the marketplace. It’s also interesting to note that this exists on the surface web, which is a reminder that the dark web does not monopolize criminality.”

Deer.io also clearly seems to be a successful, profitable setup, claiming to have helped to generate more than 240 million rubles (RUB) (around $3.8 million USD) for its customers since at least October 2013. It charges a monthly fee of 500 RUB (approximately $8) to provide customer service and product development, and was observed giving prompt responses to queries. The breadth of offerings and responsiveness almost certainly contribute to the apparent popularity of the service.

Furthermore, the automatic payment system provided – available for Webmoney, Yandex Money and QIWI – enables transactions to occur 24/7 without requiring constant vendor attention.

“The ‘hands off’ nature of the way shops are run simply means criminal transactions can continue uninterrupted. The site seems to have focused on a high level of customer service,” Chappell added.

Infosecurity: http://bit.ly/2afwOy6

« CIA Sees Intel Data Flood As Both A Benefit And A Danger
Internet of Things Will Turn Hacks Into Disasters »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Cyber Intelligence (CI)

Cyber Intelligence (CI)

Cyber Intelligence is an award winning 'MSC status' cyber security education and training company.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

EBRAND Services

EBRAND Services

EBRAND, the European experts for brand protection on the Internet. We offer a full set of services including cybermonitoring, fighting counterfeiting offences and online security.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.