Report details changing tactics and global demand for new malicious services like Deepfake ransomware and AI bots
Bengaluru, NFAPost: Trend Micro Incorporated, a global leader in cybersecurity solutions, released new data on cybercriminal operations and patterns for buying and selling goods and services in the underground.
Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization.
The underground market comes with a handful of staples: stolen accounts, fake documents, credit card credentials, and useable malware. Currently, the top offerings are stolen accounts (banking, social media, streaming services and music services), gaming-related content, and credit cards.
Commenting on the report, Trend Micro Chief Cybersecurity Officer Ed Cabrera said this report highlights the threat intelligence collects and analyses from global cybercriminal networks that enables to alert, prepare and protect corporate customers and partners.
“This research helps us inform businesses early about emerging threats, such as Deepfake ransomware, AI bots, Access-as-a-Service and highly targeted SIM-swapping. A layered, risk-based response is vital for mitigating the risk posed by these and other increasingly popular threats,” said Trend Micro Chief Cybersecurity Officer Ed Cabrera.
The report reveals that determined efforts by law enforcement appear to be having an impact on the cybercrime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDoS attacks and log-in problems impacting their usefulness.
Loss of trust led to the creation of a new site, called DarkNet Trust, which was created to verify vendors’ and increase user anonymity. Other underground markets have launched new security measures, such as direct buyer-to-vendor payments, multi-signatures for cryptocurrency transactions, encrypted messaging, and a ban on JavaScript.
The report also reveals the changing market trends for cybercrime products and services since 2015. Commoditization has driven prices down for many items. For example, crypting services fell from US$1,000 to just $20 per month, while the price of generic botnets dropped from $200 to $5 per day. Pricing for other items, including ransomware, Remote Access Trojans (RATs), online account credentials and spam services, remained stable, which indicates continued demand.
However, Trend Micro Research has seen high demand for other services, such as IoT botnets, with new undetected malware variants selling for as much as $5,000. Also popular are fake news and cyber-propaganda services, with voter databases selling for hundreds of dollars, and gaming accounts for games like Fortnite can fetch around $1,000 on average.
Other notable findings include the emergence of markets for:
- Deepfake services for sextortion or to bypass photo verification requirements on some sites.
- AI-based gambling bots designed to predict dice roll patterns and crack complex Roblox CAPTCHA.
- Access-as-a-Service to hacked devices and corporate networks. Prices for Fortune 500 companies can reach up to US$10,000 and some services include access with read and write privileges.
- Wearable device accounts where access could enable cybercriminals to run warranty scams by requesting replacement devices.
Trends in underground marketplaces will likely shift further in the months following the global COVID-19 pandemic, as attack opportunities continue to evolve. To protect against the ever-changing threat landscape, Trend Micro recommends a multi-layered defense approach to protect against the latest threats and mitigate corporate security risk.
Darkweb Marketplace Users Lose Trust
Law enforcement entities have been rapidly shutting down underground marketplaces, particularly in 2019. Usually, after a major marketplace shuts down, users simply migrate to another coexisting space. However, there is currently no dominant and stable marketplace.
Forum users are quickly losing faith in underground forums and marketplaces. Along with law enforcement issues, there are also fears that administrators are planning exit scams. Sites are also having trouble maintaining stable operations. Empire, one of the few remaining top markets, is consistently battling login problems and distributed denial-of-service (DDoS) attacks, and users regularly express frustration because of these issues.
The marketplace community has been looking for ways to build trust. A new search site called DarkNet Trust was created to verify vendors’ reputations by searching through forums. Administrators are adding new security features, such as walletless markets, multisignatures on BTC and Monero, and no-Javascript policies. Some dark web forum users also suggested that blockchain technology could host decentralized marketplaces, since this supposedly makes sites less susceptible to law enforcement takedowns and surveillance.
Interest in Deepfake Scams Increase
Many online users have already heard or seen Deepfake images and videos. The AI-generated technology can create realistic images and sounds, credibly imitating a specific subject. And it has already been successfully used in criminal scams. In March 2019, an executive of an unnamed U.K.-based company was tricked into transferring €220,000 (US$243,000) to a scammer using Deepfake voice technology. The man conversed on the phone with someone he thought was his boss.
We’ve seen underground and forum posts selling services for still image and video fakes, but many users have expressed interest in finding different ways to monetize this technology. There are discussions on how Deepfakes can be used to bypass photo verification requirements on dating sites or for sextortion and eWhoring scams.
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints.
The company’s products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 6,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro secures your connected world.
