Dark Web Suppliers and Organized Cybercrime Gigs
The dark Web and its underground cybercrime-themed discussion boards have long been a fraud enablement center where professional criminals could congregate to peddle their online fraud tools, wares and services.
A decade ago, cybercrime discussion boards were a bustling marketplace where both rookies and expert criminals would exchange information and buy and sell cybercrime-as-a-service (CaaS). Nowadays, after a few major law enforcement interventions and the capture of banking Trojan authors such as those who created SpyEye, Carberp, Gozi and Dridex, underground boardgoers are a lot more cautious.
Gone are the expert-level patrons who used to frequent the open and semi-open boards, for obvious reasons. Newcomers typically run into novice actors and midlevel administrators in search of information and accomplices.
But expert CaaS vendors are still part of the underground economy, and they provide other cybercriminals with verified commodities such as:
· Exploit kit services;
· Highly customized spam campaigns;
· Bulletproof hosting;
· Botnet and access rentals to infected endpoints; and
· Web-injection experts and resources.
Since these CaaS vendors understand the risk level involved with their profession, they carefully limit access to their services to a select few boards — only the most exclusive, such as communities that are closed off to newcomers and have extremely strict rules on the admissibility of new members.
Webinjection Expertise: A Top Cybercrime Commodity
Some of the most popular CaaS commodities in the exclusive parts of the Dark Web are the services of expert webinjection writers who supply their skills to banking Trojan operators.
Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.
Whether made up of HTML code or JavaScript, webinjections are probably the most powerful social engineering tool available to cybercriminals who operate banking Trojan botnets.
To be considered both high-quality and effective, these webinjections have to seamlessly integrate with the malware’s injection mechanism, display social engineering that corresponds with the target bank’s authentication and transaction authorization schemes and have the perfect look and feel to fool even the keenest customer eye.
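From the defender's side, the "additional data input fields" described above are something a site can look for. The following is an added example, not code from the original post: it compares the form fields a server sent with the fields found in the rendered page. The function names, field names and sample HTML are all assumptions constructed for illustration.

```javascript
// Added example: diff the form fields the server sent against the fields
// found in the page as rendered. All HTML here is constructed sample data.

// Collect tag/name/type for every <input>, <select> and <textarea>.
// A regex keeps the demo dependency-free; real code would walk the live DOM.
function extractFields(html) {
  const fields = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    fields.push({
      tag: m[1].toLowerCase(),
      name: (attrs.name || attrs.id || "").toLowerCase(),
      type: (attrs.type || "").toLowerCase(),
    });
  }
  return fields;
}

// Fields present in the rendered page but absent from what the server sent.
function findInjectedFields(servedHtml, renderedHtml) {
  const known = new Set(extractFields(servedHtml).map(f => `${f.tag}:${f.name}`));
  return extractFields(renderedHtml).filter(f => !known.has(`${f.tag}:${f.name}`));
}

// Constructed: the login form as the (hypothetical) bank server delivers it.
const SERVED = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>`;

// Constructed: the same form after two extra prompts were inserted client-side.
const RENDERED = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="password" name="atm_pin">
  <input type="submit" value="Log in">
</form>`;

console.log(findInjectedFields(SERVED, RENDERED));
```

Malware that hooks the browser can also tamper with script running in the page, so a check like this is one signal to report server-side alongside others, not a guarantee.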
Read the rest of this post here: https://securityintelligence.com/dark-web-suppliers-and-organized-cybercrime-gigs/