16.2 C
Tuesday, July 16, 2024

Unmasking Cyber Black Markets and Their Alarming Impact on Companies

Must read

Chandni U
Chandni U
Assistant Editor

Dive into the ‘Whack A Mole’ scenario, the Dark Index revealing prices of illegal products, and the role of fraud analysts in combating cyber threats.

It’s not only the Monopoly board game that features Rich Uncle Pennybags. He is seen playing a mascot on Versus Market, a cyber-black market where illegal items are sold. Also, Walter White from Breaking Bad appears as a mascot for the White House Market. He advertises weaponry and stolen financial information for sale. Misusing identities is only the surface of everything illegal that goes on in the cyber black markets of the dark web. 

Terbium Labs has cataloged over 200 dark web domains to be illegal, of which 75% are located in the marketplace. In the last few years, the black market cyberspace has been crawling with illicit vendors selling products and services, including pharmaceutical drugs and counterfeit documents. 

A specific black market has around 500,000 user visits, over 2,400 sellers, and over 320,000 transactions, with over 4,650 Bitcoin and 12,800 Monero transferred. A decade ago, when Satoshi Nakamoto developed Bitcoin, it laid the foundation for future cybercrime. In 2011, cryptocurrency became the currency of choice for drug dealers doing business in the black markets. 

The ‘Whack A Mole’ Situation

When millions of usernames and passwords stolen from over 1000 websites are up for sale in a dark web cyber marketplace, a possible catastrophe is inevitable. Nevertheless, organizations have always been trying to shut them down for good. Unfortunately, every time a black market falls, another rises.

In 2011, Ross Ulbricht launched Silk Road, an online black market on the dark web. The revenue was estimated to be over a billion dollars. He was convicted and sentenced to life imprisonment. 

In 2014, alleged founder Alexandre Cazes launched Alphabay, another online black market that sold illegal merchandise, including drugs, and breached data. Cazes was found dead in a Thai prison, apparently by suicide.

In 2017, the black market Hansa was shut down by the Dutch police, infiltrating the marketplace and acquiring all the information needed to make arrests. 

In 2021, Germany’s Bundeskriminalamt, Netherland’s National High Tech Crime Unit, Romania’s Directorate for the Investigation of Organised Crime and Terrorism, and the US Department of Justice of International Affairs and the FBI seized Slilpp, where the stolen credentials and identities were on display. It has been calculated that the total losses could easily add up to seven figures. Yet, the real impact of illicit trading on Slilpp is still unknown.

A Closer Look At The Dark Index

A forged Maltese passport costs around $6,500, and a forged yet valid security number was priced at $2. 

Privacy Affairs (PA) recently published a 2021 Dark Web Price Index. It comes with the price tag of a range of products sold in the deepest corners of the black market. Faces have also begun making an appearance. For instance, a selfie of a random civilian holding his ID that can be used in biometric cyberattacks was priced at $100.

Experts reckon that prices vary depending on the degree of risks that come with attaining the information, the level of benefits for buyers when they use the information, and the quality and accuracy of the product. A cloned credit card with its PIN cost $10 more than last year. According to the PA index, US hacked credit card details are valued the lowest, and Israel’s are the highest. Additionally, hacked crypto accounts were found to be one of the valuable items in the cyber black market, valued at around $600.

Other illegal products on the cyber black market include PayPal account details, distributed denial of service stack services, deepfakes, counterfeit currencies, digital health passes, and vaccination certificates. According to PA, there are also rumors about threat actors enquiring about vaccination certificates. 

On the other hand, deepfakes have been gaining a lot of attention. Deepfake services on a Hack Forum were viewed at $20 per minute last year. The market also offers schemes and tools to create them for identity verification. 

False merchant and application fraud is also picking up pace. With fake business registration paperwork on sale in the black market, a user can buy it and set up a false company to run illegal payments and indulge in money laundering. Tracking a fake of an existing, running company is harder. Experts reckon that with the rise of remote working, it became easier for fraudsters to set up fake businesses. Statistics reveal a 125% increase. 

With a more organized and trained market, it might get harder for officials to eliminate any more black markets.

In The Shoes Of A Fraud Analyst

Observing a suspicious pattern in a single transaction on the dark web can lead to retrieving several stolen cards. Experts state that the dark web has become an investigating tool for fraud analysts, saving them time, money, and other resources. 

Fraud analysts use basic solutions like checking out the activity of a single card number through the dark web monitoring service to figure out if it belonged to a stolen set. They can also conduct deeper analysis to determine if any business registration number has been illegally sold recently. Additionally, they look for a director’s name or e-mail address that could be associated with any fraudulent accounts on sale. 

Such analysts who monitor the dark web regularly for long hours end up placing their companies and accounts in danger of attack. Experts reckon that fraud, operational, and development teams must also continuously track their corporate credentials. If compromised, fraudsters can mimic their operational activities and create havoc.

Fraud analysts are also equipped with the ability to scour through the darkest corners and identify new fraud trends and patterns. Several dark web forums sell card skimming and shimming equipment, which can copy chip and pin cards. They come with an instruction guide as well. Many analysts buy them for research and understanding purposes. Scamming is another threat that organizations should be mindful of when browsing the dark web. While reports indicate that the dark web offers illegal services such as company secrets, personal information, or other illegal sales, many such services might be scams. 

Target in Sight: Every Company

A CMO’s e-mail account and a signature scan are unsuspectedly compromised and put up for sale in the cyber black market. A cybercriminal bought it, crafted physical letters with the signature, and sent them to the bank. The CMO is in deep trouble, and so is the company. 

It doesn’t matter whether the company uses the dark web; it can still get into trouble. From contact information and financial data to access credentials, it can be displayed on the dark web without any hint of malpractice. 

2012, LinkedIn was hacked, and information about 117 million was sprawled over the dark web. The authorities were in the dark for years. In 2013, three billion Yahoo accounts were also compromised, and the breach was discovered only three years later. 

Amazon was also not spared. In 2017, hackers illegally accessed third-party seller accounts and modified the account details to direct all payments to their accounts. When Amazon realized the breach, sellers lost more than $100,000 of revenue.  

The Role of CISOs and CTOs

The very existence of the dark web and its cyber marketplaces is a cause of concern for every CISO and CTO across industries. Experts claim that it is highly possible that cybercriminals relevant to the particular organization actively exist within the marketplace. The cybersecurity teams must employ proactive threat intelligence to provide their company with ample support and security. 

Additionally, experts strongly recommend dark web monitoring for online hygiene. All threats across multiple cybercrime zones should be monitored to check for company data being traded in cyber black markets. Several software platforms, such as Digital Shadows and Zerofox, offer these services. It is critical to indulge in the dark web scan of the IT system. CISOs could also use intelligence in the dark web to discover vendors that illegally sell corporate credentials, monitor data dumps that could contain the company IP, and track the sale of malware in the black market. Other important strategies include multi-factor authentication and endpoint security.

From travel boarding passes to onboarding processes, in some industries, it is impossible to hide personal, sensitive data. For instance, an airline company, FireEye, discovered that third parties sold illicit tickets on the dark web. A cyber defense strategy exclusively for dark web activities can be very useful.

Communications, funds transactions, trust, and logistics can all be anonymized, which makes it a difficult task for law enforcement agencies (LEA) to put an end to criminal activities. In 2016, a Canadian Think tank survey revealed that over 71% of internet users wanted the dark web to shut down. A larger number today. However, experts reckon it is not possible as the dark web is not illegal. Several organizations use it for private communications, secret investigations, and anonymous forums. There is good that exists within the folds of the dark web. 

More articles

Latest posts