Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Kyle Wilhoit (Senior Threat Researcher)




    In my last blog post, I covered several topics around how cybercriminals use your stolen information and why these criminals want your information. That entry, along with this entry, is part of a blog series intended to cover the expanding economies in relation to cybercrime, as well as some facts and recommendations to help safeguard your data against information theft.

    In the first part of the two-part intelligence brief series, I will tackle the existing “trust model” in the underground cybercrime arena and some profiling of the gateways/actors that sell these goods.

    Information Theft Business Model

    It’s no secret that scammers are out there to make a quick buck. However, what’s often not known or discussed is how they engage the market to sell their goods.

    These scammers must first engage the market with their goods. They often reach out to Pastebin, underground forums, and several other sites designed to peddle their wares. Furthermore, they also use a popular tactic of posting their “ads” on legitimate forums and sites. This step can be considered the aspect of “gaining your customers”. The next step is establishing a pricing model to fit the marketplace.

    Price Discrimination vs. Penetration Pricing

    During the past five years, there have been a number of incidents outlining price discrimination on underground forums. Price discrimination exists when a provider sells identical goods or services at different prices for several reasons. There are realistically four degrees of price discrimination, all with varying discriminatory fashions.

    However, in the past two years, there has been a shift away from price discrimination and to a more penetration pricing model. Penetration pricing is a tactic used by a seller to attract new buyers in multiple different ways.

    In the penetration pricing model, scammers enter the market and sell their wares at a much lower price to gain market space, and then slowly increase their price until it meets market value with the other sellers. Many of the vendors participating in selling stolen goods enjoy a good market for selling these goods after using this model. Utilizing this will often lead to increased sales volume and higher inventory turnover.

    This penetration pricing upswing has likely occurred as there were many new entrants into the underground marketplace selling goods. These new entrants weren’t following maximum price rules or by unique buyer attributes.

    These scammers are also enjoying a fairly uninhibited marketplace since the ease of hiding their nefarious activities has dramatically improved. For those familiar, see onion routing, and that will easily explain one of the many ways these actors hide their tracks.

    Read the rest of this entry »

     
    Posted in Data | 1 TrackBack »



    In passing, I recalled talking to my neighbor where I mentioned working in the area of information security. His next question quickly came out- “Why do these scammers want my information?” The more I’m asked this question, the more apparent it becomes that user information is highly valuable.

    Would it be surprising to know that it would merely cost $5 (USD) to buy all of your personal information on underground forums and sites? Some of you may also be surprised to find out the information for sale isn’t just your name and address-it’s far more than that.

    “Fullz”, as it is referred to in underground forums contain not just credit card numbers, names, and date of births. “Fullz” are typically delivered in one of several methods. First, it could be a text or .CSV file containing all of the information in a comma separated file. All of the details of the compromised individuals would be included in the file for easy perusal. In addition, “fullz” could be delivered via a portable database format, like a .MDF file for easy local database import. You can also find personal questions asked during account registrations as well as driver’s license information, social security number, and other information.

    figure1_WH_edited

    Just because these scammers are nefarious, it doesn’t mean they’re not entrepreneurial. For instance, one seller offers bulk discounts for orders as seen in figure 2.

    figure2_WH

    These scammers also offer the sale of “dumps”, which is the raw data off the magstrip of your credit cards. In addition to dumps, they sell “plastics”, which are blank cards that are used for writing dumps too.

    And finally, to make scamming even easier, attackers are selling direct logins for bank accounts as well as the transportation of high-end electronics. Bank accounts are being sold for direct access to the money- no more buying dumps and plastics, just use your bank login information and transfer the money.

    High-end electronics are also peddled on the black market for reasonable prices. These scammers buy devices at retail price using stolen credit card information, and proceed to sell it at discounted rates online for cash.

    figure3_WH

    Read the rest of this entry »

     
    Posted in Data | TrackBacks (4) »


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice