Researchers from Google and several academic institutions are devising ways to fight organized cybercrime by targeting the support infrastructure and financial services used by threat actors to conduct illegal activities.
The goal of the effort is to try and discourage fraudulent activity to the extent possible by making it costlier for criminals to operate, Kurt Thomas and Elie Bursztein, two members of Google’s Anti-Fraud and Abuse Research said in a blog post Thursday.
The two researchers pointed to several examples where Google and others have already begun taking such actions to try and disrupt the cyber underground.
By studying and understanding how cybercriminals are abusing the phone verified account system to do bulk registration of fraudulent accounts, Google for instance, has been able to make its accounts 30 to 40 percent costlier to register in the black market, Thomas and Bursztein said.
Similarly, by studying the methods used by a group of 26 underground merchants to register fake Twitter accounts, researchers at the University of California, Berkeley, George Mason University and Twitter were able to develop a method for retroactively detecting the fake accounts.
With Twitter’s help, the researchers were able to use the method to disable 95 percent of all fraudulent accounts registered by the 27 merchants, including those accounts that had already been sold in the underground.
Using similar tactics, researchers from George Mason University and the University of California, San Diego were able to disrupt payment processing for several illegal pharmacies and outlets selling counterfeit software, the two researchers said.
Such measures are needed because conventional client and server-side oriented countermeasures such as personal anti-virus tools, firewalls, network packet scanners, automated software updates, and two-factor authentication only have had a limited effect in stemming cybercrime, Thomas and Bursztein noted in the blog.
Each time security researchers have developed defensive measures cyber criminals have been able to circumvent them. “While these safeguards have significantly improved user security, they create an arms race: criminals adapt or find the subset of systems that remain vulnerable and resume operation.”
The increasing sophistication and commoditization of the cyber underground has made it easy for criminals from everywhere to trade in knowledge, technologies, services, and data for defrauding businesses and users.
The availability of specialized services for buying and selling infected systems, exploit kits, spam hosting, and user records have transformed cybercrime into a massive collaborative operation among criminals, the Google researchers said.
“An alternative strategy in this space is to target resource bottlenecks within the underground,” they said. The goal should be to try and make it costlier for cybercriminals to do business.
Going forward, security researchers need to focus on a more thorough understanding of the ecosystem used by cybercriminals to develop, execute, and profit from fraudulent campaigns, the two researchers said in a technical paper to the topic developed with other researchers.
The study of underground markets has to evolve from an exploratory niche involving mostly anecdotal research to a core-component of security research. A clear picture of how attackers profit from victims and institutions is vital to developing effective countermeasures and breaking up the “fragile interdependencies” that exist in the cyber underground, the paper said.