Dark Web Suppliers and Organized Cybercrime Gigs

The Dark Web and its underground cybercrime-themed discussion boards have long been a fraud enablement center where professional criminals could congregate to peddle their online fraud tools, wares and services.

A decade ago, cybercrime discussion boards were a bustling marketplace where both rookies and expert criminals would exchange information and buy and sell cybercrime-as-a-service (CaaS). Nowadays, after a few major law enforcement interventions and the capture of banking Trojan authors such as those who created SpyEye, Carberp, Gozi and Dridex, underground boardgoers are a lot more cautious.

Gone are the expert-level patrons who used to frequent the open and semi-open boards, for obvious reasons. Newcomers typically run into novice actors and midlevel administrators in search of information and accomplices.

But expert CaaS vendors are still part of the underground economy, and they provide other cybercriminals with verified commodities such as:

· Exploit kit services;
· Highly customized spam campaigns;
· Bulletproof hosting;
· Botnet and access rentals to infected endpoints; and
· Web-injection experts and resources.

Since these CaaS vendors understand the risk level involved with their profession, they carefully limit access to their services to a select few boards — only the most exclusive, such as communities that are closed off to newcomers and have extremely strict rules on the admissibility of new members.

Webinjection Expertise: A Top Cybercrime Commodity

Some of the most popular CaaS commodities in the exclusive parts of the Dark Web are the services of expert webinjection writers who supply their skills to banking Trojan operators.

Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.

Whether made up of HTML code or JavaScript, webinjections are probably the most powerful social engineering tool available to cybercriminals who operate banking Trojan botnets.


To be considered both high-quality and effective, these webinjections have to seamlessly integrate with the malware’s injection mechanism, display social engineering that corresponds with the target bank’s authentication and transaction authorization schemes, and have the perfect look and feel to fool even the keenest customer eye.
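From the defender's side, the extra input fields and scripts described above can be surfaced by comparing what the browser actually rendered against the inventory of fields the bank intended to serve. The sketch below is an added example, not code from the original article; the baseline, the field names and the sample pages are constructed, and it assumes the rendered HTML has been reported back as a string.

```javascript
// Added example: flag form fields and scripts that are absent from the
// known-good baseline of a login page. All names and pages are constructed.

// Read one attribute value out of a tag string, e.g. name="username".
function attr(tag, key) {
  const re = new RegExp(`\\b${key}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// List every data-entry element and every script the page contains.
// Regex tag matching is an approximation; in a browser, walk the DOM instead.
function inventory(html) {
  const fields = [];
  const scripts = [];
  for (const m of html.matchAll(/<(input|select|textarea)\b[^>]*>/gi)) {
    fields.push(attr(m[0], 'name') || attr(m[0], 'id') || '(unnamed)');
  }
  for (const m of html.matchAll(/<script\b[^>]*>/gi)) {
    scripts.push(attr(m[0], 'src') || '(inline)');
  }
  return { fields, scripts };
}

// Anything rendered that the server never sent is a tampering signal.
function findInjected(renderedHtml, baseline) {
  const seen = inventory(renderedHtml);
  return {
    extraFields: seen.fields.filter((f) => !baseline.fields.includes(f)),
    extraScripts: seen.scripts.filter((s) => !baseline.scripts.includes(s)),
  };
}

// Constructed baseline: what the bank's own login template contains.
const BASELINE = {
  fields: ['username', 'password', 'csrf_token'],
  scripts: ['/static/login.js'],
};

// Constructed sample pages: one as served, one with an added field and script.
const CLEAN_PAGE = `<form action="/login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="hidden" name="csrf_token" value="x">
</form><script src="/static/login.js"></script>`;
const TAMPERED_PAGE = CLEAN_PAGE.replace('</form>',
  '<input type="text" name="card_pin"></form><script>/* unknown */</script>');

console.log(findInjected(CLEAN_PAGE, BASELINE));
console.log(findInjected(TAMPERED_PAGE, BASELINE));
```

A non-empty result on a login or transaction page is worth correlating with the session's risk score, since browser extensions can also add elements.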
