The Current Chinese Cybercriminal Underground

Uploaded on 2015-12-09 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-Law Enforcement, FREE TO VIEW

 

By the end of 2013, the Chinese cybercrime underground was a very busy economy, with peddled wares that not only targeted PCs, but mobile devices as well making it its most prolific segment. We also saw cybercriminals abusing popular Web services such as the instant-messaging app (IM), QQ, to communicate with peers.

Today, the Chinese underground is thriving more than ever. Previous explorations in the Chinese underground have indicated that cybercriminals are quick to adapt to technological advancements and existing trends as seen throughout 2015. Data (either leaked or stolen) are now being traded along with prototypes and new functional hardware, like point-of-sales (PoS) and automated teller machine (ATM) skimmers. As the Chinese underground continues to burgeon, we expect to see more cybercriminal activity using these new market offerings:

Leaked data search engines and other offerings
Data leaked in the underground allows cybercriminals to commit various crimes like financial fraud, identity and intellectual property theft, espionage, and extortion. Chinese cybercriminals have managed to enhance the way they share data as seen in the case of SheYun, a search engine created specifically to make leaked data to users available.

Over the last few years, we have been keeping track of the shift of prices of goods and services traded in the Chinese underground. Previously, we saw compromised hosts, DDoS attack tools services, and remote access Trojans (RATs) being sold. Today, social engineering tools have been added to the market.

Carding devices
Cash transactions are slowly becoming a thing of the past, as evidenced by the adoption of electronic and mobile payment means.
    
    PoS skimmers - Tampered PoS devices are sold to resellers who may or may not know that these devices are rigged. Some PoS skimmers come with an SMS-notification feature that allows the cybercriminal to access the stolen data remotely every time the device is used.
    
    ATM skimmers –Commonly sold on B2B websites, these fraud-enabling devices allowed fraudsters to carry out bank fraud and actual theft. The devices have keypad overlays that are used to steal victims’ PINs.
    
    Pocket skimmers – These small, unnoticeable magnetic card readers can store track data of up to 2,048 payment cards. They do not need to be physically connected to a computer or a power supply to work. All captured data can be downloaded onto a connected computer.
    
TrendMicro paper, Prototype Nation: The Chinese Cybercriminal Underground in 2015 provides a closer look into the country's underground market and how it has kept up with events in the real world.
Trend Micro: http://bit.ly/1lkZ7Rl

« Insurance & Cyber Vulnerability - Get Your Report for 2016
How to Spot a Fake LinkedIn Profile in 60 Seconds. »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.