Want a glimpse into the cyber crime economy? Hold up a mirror

In the past five years, the cyber crime black market has exploded, in large part because it has adopted the same infrastructure and business practices as legal free markets. A 2014 RAND report, and more recent reports from McAfee and Google, highlight key elements of the sophisticated underground economy. It’s like holding up a mirror—which also provides the insight needed to ultimately crash the market.

Large enterprises
Gone are the days of a hooded loner doing everything from coding and distributing malware to identifying infection points and managing money mules. Today, a C-suite of Armani-clad entrepreneurs leads sophisticated hierarchies of middle managers, low-level employees and contractors.

Recruiters for these syndicates seek out technical specialists offering crime-as-a-service. Examples include exploit writers who discover vulnerabilities and create exploit packs, translators who make spam emails sound legit in any language, malware testers who validate software, bot herders who lease and infect zombie computers, tool providers who offer CAPTCHA solvers and other tools to spread spam and malware, and money mules who—sometimes unwittingly—transfer illegal money into legitimate accounts.

Financial trading systems
Commerce relies on a currency system. The introduction of virtual currencies like Bitcoin made it easy for cyber criminals to remain hidden from law enforcement. Before it was shut down by the U.S. Treasury Department in 2013, the Liberty Reserve digital currency service was used by 1 million people worldwide to launder about $6 billion over seven years. The CoinMarketCap website, which tracks the virtual currency market, lists nearly 700 crypto-currencies.

Marketing and communication channels
As with legal markets, cyber criminals use online forums, bulletin boards, email, instant messaging and e-commerce sites to peddle their wares and find recruits. But their communication channels are on anonymous networks like Tor and Freenet. And if you want to join the black market, better learn Russian or Ukrainian, since those are the most common languages of commerce.

The laws of supply and demand also rule on the black market. With an increasing supply of goods for sale—be it credit card numbers, personal health information or employee data—sellers have to stand out. Many offer money-back guarantees that their malware will go undetected for months or offer refunds if a stolen credit card gets cancelled. And while “bad sellers” may be able to hide from law enforcement, they can’t hide from their customers: they’re often shamed on black market trading forums.

Automation
Some experts refer to the growth of the cyber crime market as the Industrialization of Hacking. The key to any industrialization process is automation. Why randomly search for potential victims on a network when it’s so much more efficient to use a bot that manipulates search engines to display results for malware-delivering websites? Likewise, SQL injection attacks, “Remote File Include” and other application-level attacks that used to be done manually are now bundled into software tools available for download.

Mergers and acquisitions
Smart business people everywhere buy out competitors and merge with organizations that can make them stronger. In 2010, two competing malware giants, Zeus and SpyEye, merged. The well-known banking Trojans continued to operate until summer 2015, when Europol took down the Ukrainian syndicate suspected of operating them.

In its report, Google suggests that taking down these criminal enterprises requires economic weapons, not security tools. For example, if prices rise, it puts a dent in criminals’ profit incentive.

Google constantly monitors the black market, looking for chinks in the value chain and watching the price of bot-controlled Google accounts used for storing spam, providing fake reviews of malicious Android apps and hosting phishing sites. In one example, Google analyzed sign-ups and found that close to one-fourth of the Google bot accounts had signed up using VoIP phone numbers. So Google blocked certain commonly abused VoIP services. The result? The price of the zombie accounts increased by 30 percent and 40 percent, making them less attractive. Single moves like that won’t bring down the black market, but if every legit enterprise started fighting fire with fire, it could certainly put a damper on the allure of cyber crime.

To learn more about how endpoint backup can help your organization protect its data against cyber crime, download The Guide to Modern Endpoint Backup and Data Visibility.
