Brazen North American Cyber Underground Offers DIY Criminal Wares For Cheap

  /     /     /  
Publicated : 22/11/2024   Category : security


Brazen North American Cyber Underground Offers DIY Criminal Wares For Cheap


Inexpensive and easily accessible cybercrime products and services as well as drugs, counterfeit documents, weapons, cater to would-be and existing criminals, new report says.



You dont have to be a stealthy hacker or member of organized crime to buy and sell goods in the North American cyber underground: its a wide open, easily accessible cyber marketplace that makes it easy for anyone to illegally buy weapons, crimeware, and botnets.
What sets the North American underground economy apart from that of Russia and other more stealthy cyber-based crime conduits is that its easy for novices to access -- theres no limited access like in the Russian underground. And that means it makes it easy for anyone to conduct cybercrime or access the tools for physical crime, a new report from Trend Micro has found.
Its more of an Amazon [type] shopping mall for goods and services, a one-stop shop for anything nefarious, says Tom Kellermann, chief cybersecurity officer at Trend Micro.
Many of the underground sites studied by Trend Micro are searchable via the Web. All it takes is the right search query, and a novice can access what he or she needs to perform criminal acts, such as guides for how to use VPNs or TOR for nefarious purposes, and goods and services for cybercrime (stolen payment card information), physical fraud (fake passports), drugs, and even murder. You can get ransomware in the US for $10, Kellermann notes.
But the brazen openness of the North American cyber underground also means its in the sights of law enforcement, a tradeoff the peddlers and buyers seem willing to risk. They get around getting busted by constantly changing up their sites: Although several criminal transactions are done out in the open, they are very fickle. The life span of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace,
Trend Micros report
says.
Theres also rampant competition among the vendors, which has made the purchase of these wares relatively inexpensive.
[When you think cybercrime, Japan probably isnt top of mind. But like anywhere else, the bad guys there are following the money, and an emerging yet highly stealthy underground economy is growing in Japan. Read
Japans Cybercrime Underground On The Rise
.]
One of the trademark offerings in the North American underground is crypting services, which offer bad guys a way to camouflage their malware from anti-malware systems. They submit their malware, and the providers check it against security tools and then encrypt it such that its no longer detectable. That service is available from $20 for a one-shot deal to $1,000 for a monthly offering.
The Xena RAT Builder crimeware kit is price anywhere from $1 to $50, and offers two levels of customer service:  silver ($15) and gold ($20). Gold encrypts it so its undetectable. Would-be cybercriminals can buy a worm from between $7 and $10; botnet or botnet-builder tools for between $5 and $200; ransomware for $10; and the Betabot DDoS tool for $74.
There also are DDoS-as-a-service options, which start as low as $5 for 300 seconds of a 40 gigabits-per-second DDoS attack, to $60 for a 2,000-second 125Gbps DDoS. Bulletproof hosting services are also available for $75 per month.
A phony US passport costs $30, and a phony US drivers license, $145, Trend Micros researchers found.
Theyre [the sellers] trying to enable anyone with criminal intentions. Thats problematic, Trend Micros Kellermann says. It speaks to more crime having a duality to it, and with cyber-components.
Unlike the Russian underground, North Americas has no organizational structure, he says. Germanys is the most sophisticated in operational security … Russia is selling the most zero-days and advanced attack platforms.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Brazen North American Cyber Underground Offers DIY Criminal Wares For Cheap