Cybersecurity Must Adopt a New Approach to Combat Underground Cybercrime Activities

 

Threat researchers at Cybersixgill published their annual report, The State of the Cybercrime Underground, earlier this year. The study is based on an analysis of data that Cybersixgill gathered from the deep, dark, and clear web in 2022. The study looks at how threat actors' tactics, techniques, and procedures (TTPs) have evolved over time in the digital age and how organisations can adjust to lower risk and maintain operational resilience. 

This article briefly summarises some of the report's key findings, covering trends in credit card fraud, cryptocurrency observations, advances in artificial intelligence and how they are lowering the barriers to entry for cybercrime, and the emergence of cybercriminal "as-a-service" operations. The need for a new security strategy that combines attack surface management (ASM) and cyber threat intelligence (CTI) to counter threat actors' constantly evolving tactics is covered in more detail below.

Decline in credit card scams

For many years, credit card fraud has been a regular and recurring threat from fraudsters operating underground. But a number of recent changes are halting the trend and sharply lowering the number of instances of credit card theft. In recent months, the number of compromised credit cards being sold on illegal underground markets has significantly decreased. For instance, in 2019 dark web shops offered almost 140 million compromised cards for sale. By 2020, the number had dropped to roughly 102 million, and by 2021, it had fallen by another 60% to just under 42 million cards. By 2022, it had fallen to just 9 million cards.

Clever use of cryptocurrency

The decentralised nature of cryptocurrencies gives users privacy and anonymity. It should therefore come as no surprise that cybercriminals prefer to use cryptocurrency to buy illegal goods and services, launder money obtained from cyberattacks, and collect ransomware payments. As cryptocurrencies have become more widely used for legitimate purposes, they have also attracted the attention of threat actors, opening up new potential for "crypto-jacking," hacking of digital wallets, crypto-mining, and theft of digital assets from cryptocurrency exchanges.

Even in the wake of the 2022 crypto meltdown, attackers continue to place a high value on cryptocurrency. In 2022, we observed a 79% increase in crypto account takeover attacks, as stated in our study. (In the end, fraudsters utilise crypto to shift money rather than to generate revenue. Prices are indicated in dollars even if underground transactions are conducted in cryptocurrencies.) However, if investors continue to flee the market because of its turbulence, threat actors may eventually give up using cryptocurrencies, as fewer users make it simpler for law enforcement to detect illegal transactions and for lawmakers to enact stronger regulation.

Use of artificial intelligence

Less than a year after ChatGPT first appeared on the scene, cybercriminals are still very excited about it and other recently released AI tools because of their potential to be a force multiplier for online crime. With the right prompts and direction, threat actors can automate the creation of malware code and even replicate human language for social engineering, streamlining the entire attack chain. ChatGPT enables less experienced and less skilled cybercriminals to carry out destructive acts quickly and relatively easily. As highlighted in the study, AI technology is lowering the barrier to entry for cybercrime and cutting the time threat actors need to build harmful code and carry out other "pre-ransomware" preparations.

Mitigation tips

Within an organisation's vast attack surface, every connected system offers a possible entry point for cybercriminals. Today, it is nearly impossible to safeguard the growing organisational attack surface using only cyber threat intelligence to assess vulnerability. The modern attack surface is becoming more and more external: in addition to the known network perimeter, it encompasses a wide ecosystem of unidentified assets from cloud-based resources, connected IPs, SaaS apps, and third-party supply chains.

As a result, most organisations struggle with the copious quantities of cyber threat intelligence data and have significant blind spots across their attacker-exposed IT systems. To defend effectively against cyber threats, security teams require complete visibility into their own attack surface and real-time insight into their threat exposure.

The Attack Surface Management (ASM) solution from Cybersixgill, which is embedded with native, market-leading Cyber Threat Intelligence (CTI), eliminates visibility blind spots by automatically locating the invisible. With this unified solution, security professionals can continuously find, map, scope, and classify unknown networked assets that can put the business at risk, while also keeping track of the whole asset inventory in real time across the deep, dark, and clear web.

Integrating ASM refines industry-leading threat intelligence so that it focuses on each organisation's unique attack surface and provides the earliest possible alerts of threats targeting the company. With complete insight into organisational threat exposure, security teams can focus their efforts and resources where they are most needed, which significantly reduces Mean Time to Remediate (MTTR).

Underground Criminals Selling Stolen Network Access to Third Parties for up to $10,000

 

Cybersecurity firm IntSights published a new report that highlights the vibrant marketplaces on the dark web where attackers can buy or sell what they need to target an organization.

Paul Prudhomme, a cybersecurity advisor at IntSights, analyzed several underground exchanges on Russian and English-language platforms where stolen credentials and network compromises are traded. The underground criminals sell stolen network access to third parties for up to $10,000. The prices are also influenced by location and industry.

“Some cyber-criminals specialize in network compromises and sell the access that they have obtained to third parties, rather than exploiting the networks themselves,” researchers explained. “By the same token, many criminals that exploit compromised networks — particularly ransomware operators — do not compromise those networks themselves but instead buy their access from other attackers.”

According to researchers, cybercriminal groups rarely have a team of attackers experienced in every stage of an attack, which makes dark web platforms ideal places to sell or buy malware payloads, hosting infrastructure, and access to compromised networks.

“In September 2020, Russian-speaking username “hardknocklife” auctioned off remote desktop protocol (RDP) access to a U.S. hospital. He mentioned as a selling point that this RDP access yielded patient records, in which he reportedly had no interest,” researchers added. 

“US patient records from healthcare organizations are a valuable resource for identity thieves and other fraudsters because they contain dates of birth, social security numbers, and other personal details that they can use for fraudulent credit applications and other malicious purposes,” they went on to say. “This seller could have mined or monetized that data himself but lacked interest in doing so, perhaps because he could be more productive as an intruder than a fraudster, or because he lacked the fraud or criminal business skills to do so.”

This access started at the low price of $500 in the auction but sold for ten times that, $5,000. Researchers examined a sample of 46 sales of network access on underground forums between September 2019 and May 2021. The sample included 30 offerings from Russian-language forums (65%) and 16 offerings from English-language forums (35%).

The primary target of underground criminals is the Tech & Telecoms industry (22%), followed by Financial Services, Healthcare & Pharma, and Energy and Industrials, each at 19.5%. These numbers are no surprise: they match industry risk from other reports. What is perhaps a surprise is the emergence of automotive (9%) in fifth place.

IntSights researchers analyzed 46 separate offers to sell network access. In the majority of cases (40 out of 46), the location was mentioned. North America was at the top of the list with 37.5%; Europe, the Asia Pacific and the Middle East/North Africa accounted for 17.5% each, and Latin America for just 10%.

“Criminals typically prefer victims in wealthier countries with advanced economies, as they are generally more lucrative. Prices for access to healthcare organizations also trend lower due to the perception that they are easier to compromise,” researchers concluded.