Since 2012, Trend Micro’s Forward-Looking Threat Research Team (FTR) has engaged in detailed research into the Chinese Cybercriminal Underground. Over the years we’ve outlined this illicit marketplace’s activity, from its overall landscape in 2013 to its mobile offerings in 2014. This is part of our overall, ongoing focus on the global cybercriminal underground that includes other countries such as Russia and Brazil.
Today we’ve released our third research paper, “Prototype Nation: The Chinese Cybercriminal Underground in 2015,” detailing our findings on the latest developments.
We have seen China serve as the birthplace for emerging trends that will eventually enter the broader, global cybercriminal underground. The most important innovation we’ve recently seen is in the area of “carding,” the theft of credit and debit card information. A fear of our researchers has now been realized: ATM skimmers and fraudulent point-of-sale (PoS) terminals are being mass-produced, much to the detriment of China’s consumers and businesses.
These mass-produced devices have been introduced into otherwise legitimate business equipment sales and supply chain operations. Legally operating businesses are selling mass-produced, malicious payment card devices to other organizations with neither being aware, ultimately victimizing the customers of both.
Essentially, through this process, cybercriminals have enlisted innocent business owners as their (unknowing) accomplices. For example, our researchers found 1,100 sets of payment card information stolen from small restaurants and hotels in China without the merchants knowing. In total, the attack cost victims RMB 1.5 million (~US$236,507). This situation is just one of many and serves as a forerunner of what we are likely to see more broadly in the future.
Another area discussed in the report revolves around stolen and leaked data. Increasingly, the problem for criminals isn’t in finding stolen data, but finding the right stolen data. However, as we discovered, the Chinese underground is once again at the forefront of solving this issue by developing malicious tools such as Social Engineering Master (社工大师).
Specifically, this tool mines leaked data and can be used to make convincing social-engineering phishing emails through a simple interface. Due to this, effective spear-phishing emails are just a few clicks away. With spear-phishing serving as the point of entry for targeted attacks, these easy-to-use tools allow less sophisticated cybercriminals seeking financial gain to evolve into sophisticated attackers, exploiting this information for espionage purposes.
In addition, our paper has an updated listing of the market prices for goods and services available for sale on the Chinese cybercriminal underground and shows the pricing we’ve seen since 2013. Overall, costs continue to drop with some notable exceptions, mainly around the boosting of ratings for free apps on the Apple App Store (though rating manipulation for paid apps has actually dropped).
These are just some of the insights in our latest look at the Chinese cybercriminal underground. Read the full report for more details and information.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.