Trend Micro research finds trust lacking within cyber criminal underground
Report details changing tactics and global demand for new malicious services like deepfake ransomware and AI bots.
Trend Micro, a global leader in cyber security solutions, today released new data on cyber criminal operations and patterns for buying and selling goods and services in the underground. Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymisation.
"This report highlights the threat intelligence we collect and analyse from global cyber criminal networks that enables us to alert, prepare and protect our corporate customers and partners," said Ed Cabrera, chief cybersecurity officer for Trend Micro. "This research helps us inform businesses early about emerging threats, such as deepfake ransomware, AI bots, access as a service and highly targeted SIM-swapping. A layered, risk-based response is vital for mitigating the risk posed by these and other increasingly popular threats."
The report reveals that determined efforts by law enforcement appear to be having an impact on the cyber crime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDOS attacks and log-in problems impacting their usefulness.
The report also reveals the changing market trends for cyber crime products and services since 2015. Commoditisation has driven prices down for many items. For example, crypting services fell from US$1 000 to just $20 per month, while the price of generic botnets dropped from $200 to $5 per day. Pricing for other items, including ransomware, remote access Trojans (RATs), online account credentials and spam services, remained stable, which indicates continued demand.
However, Trend Micro Research has seen high demand for other services, such as IOT botnets, with new undetected malware variants selling for as much as $5 000. Also popular are fake news and cyber-propaganda services, with voter databases selling for hundreds of dollars, and gaming accounts for games like Fortnite fetching around $1 000 on average.
Other notable findings include the emergence of markets for:
- Deepfake services for sextortion or to bypass photo verification requirements on some sites.
- AI-based gambling bots designed to predict dice roll patterns and crack complex Roblox CAPTCHA.
- Access as a service to hacked devices and corporate networks. Prices for Fortune 500 companies can reach up to US$10 000 and some services include access with read and write privileges.
- Wearable device accounts where access could enable cyber criminals to run warranty scams by requesting replacement devices.
Trends in underground marketplaces will likely shift further in the months following the global COVID-19 pandemic, as attack opportunities continue to evolve. To protect against the ever-changing threat landscape, Trend Micro recommends a multi-layered defence approach to protect against the latest threats and mitigate corporate security risk.
To find out more, read the full report.