Armor’s Black Market Report shows Cyber Crime-as-a-Service to be “thriving”

Cloud Security-as-a-Service provider Armor has released its annual Black Market Report which shows that Cyber Crime-as-a-Service is thriving, with cyber criminals staying ahead of the game by offering a raft of new goods and services – and even after-sales support.

Armor’s Threat Resistance Unit (TRU), part of the company’s Security Operations Centre (SOC), which specialises in gathering knowledge about new and emerging threats, analysed data from 12 different English and Russian-speaking black markets and forums between February and June this year. In addition to finding and chronicling the current prices for popular core items such as bank account credentials, credit card numbers, full identity packets and DDoS and spamming services, the TRU Team discovered cyber criminals peddling some interesting new offerings. They include cash for pennies on the pound, log-in credentials for unhacked Windows servers for use with Remote Desktop Protocol and articles of incorporation.

One of the emerging services the TRU team spotted in the dark markets is where a criminal can pay a seller $800 in Bitcoin and have $10,000 transferred to a bank account of their choice. “For those scammers who don’t possess the technical skills and a robust money mule network to monetise online bank account or credit card credentials, this is an offer that can be very attractive,” said Chris Hinkley, head of Armor’s TRU Team. “The threat actors are still selling financial account and credit card credentials outright, but this clever service gives them an additional channel for monetising the large amounts of financial data available. Plus, they still reduce their risk because, ultimately, they’re not taking possession of the stolen funds.”

The TRU Team also discovered numerous cyber criminals selling credentials for unhacked Windows RDP servers. They’re being offered for as little as £16 each. These servers are a common entry point for ransomware hostile actors trying gain a foothold within an organisation’s computer network. Therefore, it stands to reason that the fraudsters would take advantage of this market opportunity.

The UK was the biggest global target for ransomware attacks in the first half of 2019, with the number increasing by 195%, compared to a reported 59% reduction in attacks of the same kind in 2018. Business is likely to be good.

Banking and credit card schemes

In relation to banking and credit card schemes, it came as no shock to find cyber criminals hawking articles of incorporation and sole proprietorship papers. These documents enable a money mule (a person who transfers illegally acquired money on behalf of or at the direction of another and is paid for their services) to apply for a Company Registration Number which, in turn, lets them open a business bank account.

A business bank account allows a criminal to move larger amounts of money in and out of the account, making it less likely that the bank’s fraud alerts will be triggered. The money mule bank accounts are so integral to the success of online financial fraud it makes sense that the TRU Team would see these items become a staple in black markets.

In comparing the current market prices for stolen credit cards, bank accounts and personal identities to the prices advertised in June 2018, Armor’s TRU Team found similar rates. At that time, the average price for a US Visa or Mastercard was around $9, with the current price averaging $8.50. However, the TRU Team did see a significant drop in price for UK Visa and Mastercard credit cards. In June 2018, they were averaging $22 each, whereas today they’re averaging $17. One  potential reason for this price drop is due to an influx of credit cards hitting the black markets after a spate of card skimming attacks hit hundreds of e-commerce websites, including organisations operating in the UK such as British Airways, Marriott International, Ticketmaster and others.

Armor’s comprehensive report includes details of the wide-ranging goods and Cyber Crime-as-a-Service offerings and their associated costs, covering everything from DDoS attacks to spamming, gift cards and – as becoming a social media influencer continues to grow in popularity – the cost of ‘Likes’ and followers.

The amount of criminal goods and services being peddled in dark markets is daunting. However, by continually monitoring these markets, security defenders – such as Armor – are able to gain valuable insight into the types of data being targeted, how it’s being stolen and how the data is being used.

“Having this intelligence is key in helping us protect our clients from current and emerging cyber threats,” concluded Hinkley. “Although it feels like a never-ending battle, it’s a fight worth fighting.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts