
Lone Rangers of the Underground

  • Posted on: September 2, 2015
  • Posted in: Cybercrime, Security
  • Posted by: Rik Ferguson (VP, Security Research)

When we speak about online crime, we do so often in terms of “organised crime” or of highly-skilled nation-state sponsored activity. So much so in fact that you could be forgiven for thinking that solo online criminals represent the bottom-feeding, “script-kiddie” side of the business.

Trend Micro’s second quarter roundup “A Rising Tide: New Hacks Threaten Public Technologies” holds that conclusion up to scrutiny and finds it wanting.

The underground market for malware tools, vulnerabilities, exploit kits and every other criminal niche is fully mature. The barriers to entry into the market have fallen away over the years: established criminal toolkits are available at low to no cost; former high-value malware such as ZeuS has become almost an open source project, spawning a variety of improvements or imitators; and basic tools such as keyloggers or system lockers are being combined to devastating effect.

Take for example the Hawkeye attacks that affected small businesses on a global scale, from China through India and Europe all the way across to the United States. A simple $35 keylogger, Hawkeye, was used in sophisticated “change of supplier” fraud by two lone Nigerian criminals.

Similarly, “Frapstar,” a lone operator from Canada, and “LordFenix” from Brazil profited from their solo endeavours, selling stolen information and banking malware respectively.

This enterprising individual effort isn’t restricted to these more traditional online crimes either. Point-of-Sale malware has seen almost 2 years of concentrated criminal innovation, and 2015 has been no exception. Smaller operators are investing time and effort in the creation of new tools such as FighterPoS and MalumPoS and reaping illegitimate rewards worth hundreds of thousands of dollars by targeting particular industry verticals, most significantly in the US. It is only a matter of time before the source code of these projects is used to wider effect by others in the criminal community.

Perhaps indicative of this is the evolutionary path of ransomware, in particular crypto-ransomware. Whilst the infection rates for modern variants like CryptoWall or TorrentLocker appear to be on a downward trend, they are becoming a firmly entrenched aspect of regionalised attacks, with extensive partner and money-laundering networks. They are also increasingly working hand-in-glove with other parts of the criminal software distribution ecosystem such as FAREIT.

These new solo or small business cybercriminals are not necessarily offshoots of larger, more established groups, but in many cases represent the next generation of would-be online criminals. One of the things that these attackers may not yet have fully developed is an effective OpSec model, leaving traces of their real identities associated with their criminal endeavours, as was the case with the Chinese teens behind the Android ransomware ANDROIDOS_JIANMO.HAT.

Law enforcement globally is increasingly working more effectively together, pooling resources and intelligence and becoming ever more effective at shutting down both the nascent and the established online criminal operations. We still have a road to travel, but we’re headed in the right direction. In the words of Liam Neeson…We will find you.

Please add your thoughts in the comments below or follow me on Twitter: @rik_ferguson.
