Cyber Criminal Underground In The Deep Web

Uploaded on 2016-03-30 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new interesting report published by the experts at TrendMicro highlights the differences between the principal underground ecosystems worldwide.

Thinking of a unique “global” underground ecosystem is an error, every community has its own characteristics, the criminal crews that compose it are specialized in the provisioning of specific product and services.

The researchers who analyzed illegal activities in the Deep Web have identified at least six different cybercriminal ecosystems operating in Russia, Japan, China, Germany, in the United States and Canada (North America), and Brazil.

“Each country’s market is as distinct as its culture. The Russian underground, for instance, can be likened to a well-functioning assembly line where each player has a role to play. It acts as the German market’s “big brother” as well in that it greatly influences how the latter works. The Chinese market, meanwhile, boasts of robust tool and hardware development, acting as a prototype hub for cybercriminal wannabes. Brazil is more focused on banking Trojans while Japan tends to be deliberately exclusive to members.” states the report.    

The last report published by TrendMicro explains the differences, revealing the peculiarity of the offer in each ecosystem.

“Cybercriminals from every corner of the world take advantage of the anonymity of the Web, particularly the Deep Web, to hide from the authorities. Infrastructure and skill differences affect how far into the Deep Web each underground market has gone. Chinese cybercriminals, for instance, do not rely on the Deep Web as much as their German and North American counterparts do. This could, however, be due to the fact that the “great firewall” of China prevents its citizens (even the tech-savviest of its cyber-crooks) from accessing the Deep Web. The fact that Germany and North America more strictly implement cybercrime laws may have something to do with their greater reliance on the Deep Web, too.”

The Russian underground is defined “a well-functioning assembly line,” it is an ecosystem crowded by professional sellers that competing each other by providing goods in the shortest amount of time and most efficient manner possible. Marketplaces like fe-ccshop.su and Rescator that offer products and services for credit card frauds are very popular in the criminal underground worldwide.

These markets offer escrowing services or “garants,” that make them an important aggregator for the criminal demand, offering them a privileged environment where operate anonymously.

The Japanese underground is characterized by members only bulletin board systems, the criminals make large use of special jargon to evade the authorities. This market is characterized by the attitude in accepting more unusual kinds of payment, including gift cards and forum points instead of bitcoins or cash paid via money transfer.

The Chinese underground is focused on the provisioning of hardware several illegal activities rapidly responding to the cybercriminal demand.

“The Chinese underground is a teeming hub of prototypes. It not only sells the usual array of software and services found in its counterparts, but also hardware. It adapts the fastest to the latest in cybercrime trends and leads the way in terms of cybercriminal innovation. And true to its adaptive nature, it now boasts of uncommon offerings like leaked-data search engine privacy protection services that can only be dubbed “made in China,” states the report.

The North American underground is considered the most open to novices, it is visible to both cybercriminals and law enforcement, meanwhile the Canadian underground is focused on the sale of fake/stolen documents and credentials (fake driver’s licenses and passports, stolen credit card and other banking information, and credit “fullz” or complete dumps of personal information).

Germany’s underground is a subsidiary of the Russian one, the market heavy rely on DarkNets, the most popular forums use mirrors on the Tor Network. Deep Web.

Let’s close with the Brazilian underground, which is characterized by the presence of youngsters with no regard for the law. They use the Surface Web, exploiting popular social media for their activities.
The key findings of the study highlights:

The Japanese underground is the only market that does not focus on traditional crimeware. This underground scene caters more to the taboo.

The German underground takes cues from the Russian market.
    
The Chinese underground serves as a hotbed for crimeware (particularly hardware) prototypes.
    
For more details on the criminal ecosystem in the Deep Web give a look to the report “Cybercrime and the Deep Web”

Security Affairs:  http://bit.ly/25ushAz

« Swedish Police Investigate Media Cyber-Attacks
Shopping List: Cybersecurity Acquisitions In 2016 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

Bittium

Bittium

Bittium provides proven information security solutions for mobile devices and portable computers.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

Flatt Security

Flatt Security

Flatt Security is a cyber security startup based in Japan providing security assessments and other cyber security services.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.