Financial cybercrime-as-a-service industry ‘thriving’
Written by Hannah McGrath
Hackers and fraudsters operating on the dark web are fuelling a “thriving” trade in cybercrime-as-a-service, with a raft of new goods and services, even including aftersales support, according to new research.
The data was taken from 12 different English and Russian speaking dark markets and forums between February and June 2019 by researchers at cyber security firm Armor.
In addition to finding and chronicling the current prices for popular core items such as bank account credentials, credit card numbers, full identity packets, and DDoS and spamming services, Armor’s Threat Resistance Unit (TRU) team discovered cybercriminals peddling log-in credentials for unhacked Windows servers for use with Remote Desktop Protocol (RDP), and articles of incorporation.
These enable cybercriminals to establish a fraudulent company and open a ‘money mule’ business bank account which allows for higher funds.
The TRU team also discovered numerous cybercriminals selling credentials for unhacked Windows RDP servers. They are being offered for as little as £16 a piece.
These servers are a common entry point for ransomware hostile actors trying get a foothold into an organisation’s computer network.
The UK was the biggest global target for ransomware attacks in the first half of 2019, with the number increasing by 195 per cent, compared to a reported 59 per cent reduction in attacks of the same kind in 2018.
In comparing the current market prices for stolen credit cards, bank accounts, and personal identities to the prices advertised in June 2018, Armor’s TRU team found similar rates being offered.
At that time, the average price for a US Visa or Mastercard was around $9, with the current price averaging $8.50.
However, the TRU team saw a significant drop in price for UK Visa and Mastercard credit cards.
In June 2018, they were averaging $22 a piece, whereas today they are averaging $17 a piece.
One potential reason for this price drop , Armor suggested, could be due to an influx of credit cards hitting the black markets, after a spate of card-skimming attacks hit hundreds of e-commerce websites, including organisations operating in the UK such as British Airways, Marriott, Ticketmaster and others.
Another of the emerging services the TRU team spotted in the dark markets involved a criminal paying a seller $800 in Bitcoin and have $10,000 transferred to a bank account of their choice or wired to them via Western Union.
Chris Hinkley, head of Armor’s TRU Team said “For those scammers who don’t possess the technical skills and a robust money mule network to monetise online bank account or credit card credentials, this is an offer that can be very attractive.
He added: “The threat actors are still selling financial account and credit card credentials outright, but this clever service gives them an additional channel for monetising the large amounts of financial data available on the underground. Plus, they still reduce their risk because ultimately, they are not taking possession of the stolen funds.”