Places in the Internet where cybercriminals come together to buy and sell different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what’s more interesting to note is that recently, prices have been going down.
Over the years, we have been keeping tabs on major developments in the cybercriminal underground. Constant monitoring of cybercriminal activities for years has allowed us to gather intelligence to characterize the more advanced markets we have seen so far and come up with comprehensive lists of offerings in them.
In 2012, we published “Russian Underground 101,” which showcased what the Russian cybercriminal underground market had to offer. Later that year, we worked with the University of California Institute of Global Conflict and Cooperation to publish “Investigating China’s Online Underground Economy,” which featured the Chinese cybercriminal underground.
Last year, we revisited the Chinese underground and published “Beyond Online Gaming: Revisiting the Chinese Underground Market.” We learned then that every country’s underground market has distinct characteristics. So this year, we will add another market to our growing list: Brazil.
The barriers to launching cybercriminal operations have greatly lessened in number. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cybercriminals in the said countries.
Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online “shops” harder for law enforcement to find and take down.
Our first cybercrime economy update for the year will focus on the burgeoning market for mobile malware/scam-related tools and software in China, to be released next week on March 3.
All of these developments mean that the computing public is at risk of being victimized more than ever and must completely reconsider how big a part security should play in their everyday computing behaviors. In the coming months we will dig deeper into these, and present our findings to educate users.