
9/3/2014
05:45 PM

In China, Cybercrime Underground Activity Doubled In 2013

Forget intelligence gathering. Financially motivated cybercrime is booming behind the Great Wall.

China has become infamous for politically motivated intelligence gathering, but new research from Trend Micro shows that a financially motivated, politically independent cybercrime underground is alive and growing behind the Great Wall, as well.

The new report shows that Chinese cybercrime underground activity doubled between 2012 and 2013. According to Trend Micro CSO Tom Kellermann, it has likely tripled since then.

Further, Kellermann says, these criminals are not just targeting victims in other countries. The targets include "the bourgeois, nouveau-riche Chinese elite who have profited from capitalism" in a country with a dwindling middle class.

The Chinese government "has been focused externally... on information dominance and espionage," Kellermann says. The technological skills cultivated by the country's leaders are coming back to hurt them in the form of new cybercriminals "who are not beholden to the regime. They believe money is God and believe that crime has evolved with technology."

Other recent Trend Micro research shows that the Chinese underground is largely focused on mobile device/services attacks -- Android-based products in particular -- and charges customers a premium for that work.

The most sought-after mobile crime products and services are SMS spamming, premium service numbers, and SMS servers. SMS spamming is relatively inexpensive, ranging from $50 for 5,000 text messages to $460 for 100,000 messages. Premium service numbers -- used to subscribe mobile users to unwanted services and charge them a fee for it -- run from $2,500 per year to $36,000 per year. SMS servers -- radio frequency hardware that forces nearby phones to disconnect from legitimate base stations and connect to the attacker's SMS server instead -- cost $7,400.

The reasons for the higher price tags, says Kellermann, are that mobile attacks require more creative code and can offer bigger payoffs. For one thing, mobile payments are more popular in Southeast Asia than they are in the United States, which makes mobile devices more attractive.

"I'd pay more" for mobile attacks, "because I can hack your life," he says. "If the [mobile] device is an extension of yourself, then I can hack you."

In comparison, the most popular nonmobile attack tools are quite affordable. DDoS toolkits can be rented for $81 per month. RAT "licenses" range from $97 to $258 per year, depending on the software. Even the new DNS attack services cost only $323.

The attack products and services appear to be sophisticated and professional. However, the methods the criminal marketplace uses to communicate are not.

The communication tool of choice is QQ groups, a feature of the QQ instant messaging app. Unlike most organized criminals in Eastern Europe, who often rigorously vet customers before working with them, these Chinese groups make themselves quite available to the general public. A simple search of QQ groups turns up results like the "China DDoS and Hacking Service Group."

Download the full report here.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
securityaffairs,
User Rank: Ninja
9/5/2014 | 1:38:05 PM
Re: Very interesting ... not surprising
And anyway, Sara, well done: the post is very interesting, as is the choice of topic.

We must share this data

Regards

Pierluigi
securityaffairs,
User Rank: Ninja
9/5/2014 | 1:36:57 PM
Re: Very interesting ... not surprising
Hi Sara,

Experts at Trend Micro have already published an excellent report on the Chinese mobile underground, which is probably the most prolific segment of the Chinese black market.

I can tell you in advance that the Brazilian underground is also very prolific ...

So stay tuned for further reports.

Warm regards

Pierluigi
Sara Peters,
User Rank: Author
9/5/2014 | 11:52:38 AM
Re: Very interesting ... not surprising
@securityaffairs  I'm glad that you're not surprised by the findings, but I expect that a lot of people WILL be. It seems that many people -- even those in the security community -- are confused by the very idea that there are hackers in China who are motivated by money, not nationalism.
securityaffairs,
User Rank: Ninja
9/5/2014 | 4:14:45 AM
Very interesting ... not surprising
The report, as usual, is very interesting and full of precious data. I'm not surprised by the findings of the study; financially motivated attacks will continue to increase behind the Great Wall as well.

The Chinese underground is very prolific (like the Russian one), and the technological evolution of the country will favor the scary escalation of criminal activities in China.