Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/7/2015
12:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Brazen North American Cyber Underground Offers DIY Criminal Wares For Cheap

Inexpensive and easily accessible cybercrime products and services as well as drugs, counterfeit documents, weapons, cater to would-be and existing criminals, new report says.

You don't have to be a stealthy hacker or member of organized crime to buy and sell goods in the North American cyber underground: it's a wide open, easily accessible cyber marketplace that makes it easy for anyone to illegally buy weapons, crimeware, and botnets.

What sets the North American underground economy apart from that of Russia and other more stealthy cyber-based crime conduits is that it's easy for novices to access -- there's no limited access like in the Russian underground. And that means it makes it easy for anyone to conduct cybercrime or access the tools for physical crime, a new report from Trend Micro has found.

"It's more of an Amazon [type] shopping mall for goods and services, a one-stop shop for anything nefarious," says Tom Kellermann, chief cybersecurity officer at Trend Micro.

Many of the underground sites studied by Trend Micro are searchable via the Web. All it takes is the right search query, and a novice can access what he or she needs to perform criminal acts, such as guides for how to use VPNs or TOR for nefarious purposes, and goods and services for cybercrime (stolen payment card information), physical fraud (fake passports), drugs, and even murder. "You can get ransomware in the US for $10," Kellermann notes.

But the brazen openness of the North American cyber underground also means it's in the sights of law enforcement, a tradeoff the peddlers and buyers seem willing to risk. They get around getting busted by constantly changing up their sites: "Although several criminal transactions are done out in the open, they are very fickle. The life span of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace," Trend Micro's report says.

There's also rampant competition among the vendors, which has made the purchase of these wares relatively inexpensive.

[When you think cybercrime, Japan probably isn't top of mind. But like anywhere else, the bad guys there are following the money, and an emerging yet highly stealthy underground economy is growing in Japan. Read Japan's Cybercrime Underground On The Rise.]

One of the trademark offerings in the North American underground is crypting services, which offer bad guys a way to camouflage their malware from anti-malware systems. They submit their malware, and the providers check it against security tools and then encrypt it such that it's no longer detectable. That service is available from $20 for a one-shot deal to $1,000 for a monthly offering.

The Xena RAT Builder crimeware kit is price anywhere from $1 to $50, and offers two levels of customer service:  silver ($15) and gold ($20). Gold encrypts it so it's undetectable. Would-be cybercriminals can buy a worm from between $7 and $10; botnet or botnet-builder tools for between $5 and $200; ransomware for $10; and the Betabot DDoS tool for $74.

There also are DDoS-as-a-service options, which start as low as $5 for 300 seconds of a 40 gigabits-per-second DDoS attack, to $60 for a 2,000-second 125Gbps DDoS. Bulletproof hosting services are also available for $75 per month.

A phony US passport costs $30, and a phony US driver's license, $145, Trend Micro's researchers found.

"They're [the sellers] trying to enable anyone with criminal intentions. That's problematic," Trend Micro's Kellermann says. "It speaks to more crime having a duality to it, and with cyber-components."

Unlike the Russian underground, North America's has no organizational structure, he says. "Germany's is the most sophisticated in operational security … Russia is selling the most zero-days and advanced attack platforms."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.