How Hackers Have Honed Their Attacks

More organizations are getting breached, but data exfiltration is becoming harder for attackers, new data shows.
jimweiler
2914 days ago

The Global Cyber Crime Underground: What Are They and What Do They Sell?


This is the first blog in a three-part series co-written by LookingGlass Cyber Threat Intelligence Group (CTIG) Senior Threat Analyst Emilio Iasiello and LIFARS Marketing Manager Michal Nemcok*. The series provides a high-level overview of the global cyber crime underground and the biggest players in this space. Today we will be discussing the Chinese underground.

Cyber crime is projected to cost the global economy an astounding $445 billion. To put that amount into perspective, Russia’s national budget for 2014 was $440 billion. With those types of profits, it’s easy to see how cyber crime has been such a disruptive force to businesses worldwide, as well as why this “business” is so lucrative and why more and more criminals are becoming involved in the underground digital black market. Unlike what’s been observed in the past (and what many still believe), it’s no longer necessary to be a highly skilled hacker to execute the types of cyber attacks that yield substantive financial rewards. In many cases, all that’s needed is a credit card – everything else can be bought.

The global cyber crime underground is becoming increasingly diverse as more and more international criminals enter the arena, with some countries clearly leading the pack. In March 2016, Trend Micro released a white paper in which it determined that cyber crime exists in regional pockets rather than as a unified global enterprise. What’s more, even though there was overlap between regions, these markets distinguished themselves from one another by the types of goods and services being offered.

The further refinement of business operations indicates another evolution of these markets, moving from competition-based enterprises to ones catering to a more selective clientele, which dovetails with many of them resorting to operating out of the Deep Web in order to evade law enforcement efforts. As such, customers may be more apt to obtain items from the regions of their specialization, intimating that the better markets may ultimately become the ones that focus on quality of product/service rather than quantity.

China

The Chinese cyber crime underground is one of the most prolific in the world, and we’ve seen an increase in activity in recent years. With the recent availability of tools such as leaked data search engines, it is now even simpler to discover and trade breached data, whether it be credit cards, PayPal accounts, poker accounts, bank accounts, personally identifiable information (PII), or anything in between. These include tools such as the SheYun search engine, which was created specifically to search leaked data, the CnSeu forum for trading leaked data, and others. These search engines are either completely free or very cheap to use, while providing a high return.

In addition to the underground market’s usual offerings, such as DDoS attacks and remote access Trojans, in the past year a new type of tool has emerged – a social engineering toolkit – an example of which is the Social Engineering Master. This particular tool was created by the Chinese cyber underground and contains a comprehensive toolset – everything from obtaining interesting information (MD5, PII, phone numbers) and data dumps, to templates for phishing emails, fake IDs, and much more. It also includes exploit kits, phishing websites, and Trojan downloaders. This is just one of many similar tools that further demonstrate how the cyber crime underground is modeling itself after its legal counterparts (aka legitimate marketplaces fueled by supply and demand practices) – making sure that customer service and experience are at a high standard to promote use and generate more income for the creators.

Next week, we will discuss the notorious Russian and Eastern European cyber crime undergrounds.

*Michal Nemcok is the Marketing Manager at LIFARS, an international Incident Response And Digital Forensics firm. His background is in IT and IT security with focus on security-related marketing and content editing. He’s done extensive research into topics such as Hacking-as-a-Service and APT campaigns. He works directly with the Incident Response team to keep his hand on the pulse of the latest trends in real-world investigations.

The post The Global Cyber Crime Underground: What Are They and What Do They Sell? appeared first on Cyveillance Blog - The Cyber Intelligence Blog.

jimweiler
2937 days ago

Weekly Threat Intelligence Brief: April 5, 2016


We publish this weekly threat intelligence news brief to keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!

Financial Services

“A new strain of malware is targeting PoS terminals in the US, aimed at small businesses and banks that have not yet transitioned to the new EMV chip and PIN card system.

Named TreasureHunt, this new PoS (Point of Sale) malware piece has been around since late 2014, when FireEye researchers discovered traces of its early variants.”

Softpedia

Legal and Regulations

The Federal Trade Commission (FTC) issued warning letters to app developers who have installed a piece of software that can monitor a device’s microphone to listen for audio signals that are embedded in television advertisements. Known as Silverpush, the software is designed to monitor consumers’ television use through the use of “audio beacons” emitted by TVs, which consumers can’t hear but that can be detected by the software. The letter warns developers that if their statements or user interfaces state or imply that the apps in question are not collecting and transmitting television viewing data when in fact they do, then the app developers could be in violation of Section 5 of the FTC Act.

FTC

Law Enforcement

“A self-described pro-ISIS group posted the names of 55 New Jersey Transit police officers, their addresses and phone numbers in social media, and urged followers to carry out lone wolf attacks, according to several news reports.

The so-called Caliphate Cyber Army first posted the threats on Twitter on March 6, and then again on Monday, according to NBC New York. They have since been taken down.”

App.com

Technology

“On Monday, the FBI said in a court filing that it has found a way to circumvent the passcode requirement on one of the San Bernardino shooters’ iPhones and doesn’t need help from Apple anymore—ending a consequential legal showdown over whether the government can compel a company to participate in an investigation involving one of its devices. The statement comes a week after the FBI delayed a court hearing to vet an unlocking tool from a third party.”

Slate

Retail

“A finance executive fell victim to a phishing scam that saw the Los Angeles-based maker of children’s toys wire a cool $3 million to Chinese hackers.

Expertly timed during a period of corporate change, the email hit the inbox of the unnamed executive and requested a new vendor payment in the amount of $3 million to a vendor in China. Mattel, of late, has been in a period of change as new CEO Christopher Sinclair had only officially taken over after Mattel had fired his predecessor — a move that aided the con artists.”

The Next Web

The post Weekly Threat Intelligence Brief: April 5, 2016 appeared first on Cyveillance Blog - The Cyber Intelligence Blog.

jimweiler
2937 days ago

Anatomy Of An Account Takeover Attack

How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services.
jimweiler
2941 days ago

Threat Intelligence's Big Data Problem

Security teams are drowning in often useless threat intel data, but signs of maturity are emerging in what IT-Harvest predicts will be a $1.5 billion market by 2018.
jimweiler
2941 days ago

In Brief: The Unusual Suspects -- DeMystifying Attack Groups

Your adversary is an imperfect human being. Use that knowledge to fight back.
jimweiler
2941 days ago