Distrust among cybercriminals prompt change of channels

Image courtesy of Trend Micro

Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymisation, according to a new report from Trend Micro.

The report details changing tactics and global demand for new malicious services like Deepfake ransomware, AI bots, Access-as-a-Service and highly targeted SIM-swapping.

Findings show that determined efforts by law enforcement appear to be having an impact on the cybercrime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDoS attacks and log-in problems impacting their usefulness.

Loss of trust led to the creation of a new site, called DarkNet Trust, which was created to verify vendors’ and increase user anonymity. Other underground markets have launched new security measures, such as direct buyer-to-vendor payments, multi-signatures for cryptocurrency transactions, encrypted messaging, and a ban on JavaScript.

Also, commoditisation has driven prices down for many items. For example, crypting services fell from US$1,000 to just $20 per month, while the price of generic botnets dropped from $200 to $5 per day. 

Pricing for other items, including ransomware, Remote Access Trojans (RATs), online account credentials and spam services, remained stable, which indicates continued demand.

However, Trend Micro Research has seen high demand for other services, such as IoT botnets, with new undetected malware variants selling for as much as $5,000.

Also popular are fake news and cyber-propaganda services, with voter databases selling for hundreds of dollars, and gaming accounts for games like Fortnite can fetch around $1,000 on average.

Findings also show the emergence of markets for Deepfake services for sextortion or to bypass photo verification requirements on some sites.

Also emerging are markets for AI-based gambling bots designed to predict dice roll patterns and crack complex Roblox CAPTCHA; Access-as-a-Service to hacked devices and corporate networks; and wearable device accounts where access could enable cybercriminals to run warranty scams by requesting replacement devices.