Wicked Dark Web Wish List

Uploaded on 2019-02-12 in GOVERNMENT-Law Enforcement, FREE TO VIEW

The Dark Web is a lawless place, but even the most hidden corners of the darknet are not immune to the laws of supply and demand.

 Malware programs, cyber-criminal services and stolen data can skyrocket in popularity on the underground market just as quickly as they can fall out of favor, same as any product sold in the legitimate economy.

A couple of black market cyber trends truly took off in 2018 with experts predicting a few new ones will spring up in 2019.

Malicious Software and Services

It happens all the time: A pioneering hacker or sophisticated threat group becomes the first to introduce a new malware or exploit, and suddenly a whole clowder of copycats emerges. As demand for these malicious tools grow on the darknet, developers and buyers begin to offer the same functionality, sometimes in the form of malware, other times as malware-as-a-service.

Take, for example, Magecart, the e-commerce payment card skimmer toolset that turned into a high-profile threat last year after multiple cybercrime groups used it to carry out major attacks against British Airways, Ticketmaster and Newegg.
By December, researchers at Armor reported the discovery of what they identified as the first-ever Magecart-like tool available for sale on the dark web.

This sequence of events fits a common pattern, according to Corey Milligan, senior security researcher with Armor’s Threat Resistance Unit (TRU), who says that there is a “tendency for certain attack types [and] techniques to spike in conjunction with an increase in open-source reporting, including news coverage, detailing their successful use.”

Of course, this is but one example. Other categories of malware also continue to see spikes and dips in dark web demand.
In 2018, crypto-miners in many respects surpassed ransomware in terms of cyber-criminal demand. Now, just as suddenly, researchers believe we could see a reserving of that trend in 2019.

“Among criminal actors, expect crypto-mining to fall off and ransomware to return,” says Allan Liska, senior solutions architect at Recorded Future.

“Crypto-mining has not been as profitable for many cybercriminals as originally intended. Unless an attacker can infect tens or hundreds of thousands of devices it is difficult to make even close to the money that can be made from a successful ransomware campaign.”

Armor’s TRU team has also observed the ransomware market steadily increasing, while crypto-miner demand on the dark web continues to decline from its peak in May-June 2018.

Black market buzz for certain types of cyber weapons can also be influenced by security professionals’ and law enforcement’s latest activity. Wherever the good guys are training their focus on or bolstering defenses, the bad guys want to be somewhere else.

Allison Nixon, director of security research at Flashpoint, believes DDoS services are losing steam in underground marketplaces “as more and more targets are able to successfully mitigate attacks. Attacks are still happening, but you don’t hear about major outages happening nearly as often anymore.”

On the other hand, the demand for criminal proxy services that can disguise where the real attack is coming from is on the upswing because “We haven’t seen much law enforcement attention yet against criminal and shady proxy networks,” Nixon explains.

Stolen Data

The digital-age business philosophy that “data is king” applies to the criminal underworld as well. Information equals money, the right stolen data in the wrong hands can be used to hijack a bank account or spoof an email address to help perpetrate a financial scam.

If it’s sensitive information you’re after, investing in a malware service to collect it may not even be necessary. There’s plenty of stolen data already available on the dark web, including highly prized credentials, payment card numbers and Social Security numbers.

If you’re lucky or devious enough to get your hands on a particular victim’s complete set of personally identifiable information (PII), then you’ve really hit the jackpot. Scammers call such packages “fullz.”

For law-abiding citizens, such threats to their personal data begin at an early age. More than ever, in fact, it starts as early as birth.

“I’m… watching for an increase or steady supply of younger personal information, infant data, particularly,” says Emily Wilson, vice president of research at Terbium Labs.

“We’ve seen isolated listings for infant fullz and child SSNs pop up over the last few years. I’m expecting to see that market grow over time, shifting from a novelty item to a specialty item: available regularly, but with lower supply and a higher price.”

Fullz even remain valuable after death, not death of the person, necessarily, but of his or her payment cards.

Wilson explains cyber-criminals are increasingly finding worth in “dead fullz,” which refers to fullz containing data for payment cards that have expired or were cancelled.

Even though they can’t use the payment cards to score quick cash, attackers can still take advantage of these fullz because the stolen information can be used to compromise other accounts that do remain active.

In a recent report predicting dark web trends in 2019, Terbium Labs prognosticates that the advent of new technologies such as biometrics, Internet of Things (IoT) devices and autonomous vehicles will only expand the array of sources from which data can be stolen.

Biometric data in particular could become a hot-ticket item, the report states, because such data lasts for the victim’s entire lifetime, and cannot be altered, even if there is a breach.
 
“Compromised payment cards are simply canceled and reissued; no similar recourse exists for compromised fingerprints or retina scans,” the report says.

“Criminals on the dark web look for data they can monetise; right now, there is not sufficiently broad adoption of biometric technologies to warrant mining and marketing that data on criminal markets,” the report says.

“Once we see increased use of biometric technologies across multiple industries, however, especially if biometric tech becomes a favored replacement for passwords or two-factor authentication, expect to see that data make its way into the dark web economy.”

SC Magazine

You Might Also Read:

Dark Web Dealers Voluntarily Ban Deadly Fentanyl:

 

« The Top 5 Malware Attack Types
Foreign Hackers Target Canadian Government & Banks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Blue Frost Security

Blue Frost Security

Blue Frost Security provides high-level IT security consulting, penetration testing services, ISO 27001 Solutions, PCI compliance solutions and training.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

At-Bay

At-Bay

At-Bay is the world’s first InsurSec provider designed from the ground up to help businesses tackle cyber risk head on.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.

SGNL

SGNL

SGNL redefines identity-first security by integrating business context, closing critical gaps, and transforming how enterprises manage privileged access for a secure, adaptive future.