SecurityWeek

Where There’s a Will, There’s a Way; Beyond Dark Web Marketplaces

Nearly a year has passed since the takedowns of AlphaBay and Hansa by law enforcement efforts that left many speculating about the future of dark web marketplaces. Expectations of an older, established market replacing AlphaBay, or the emergence of a new marketplace, have fallen short. Dream Market and Olympus are among those to have made a play, but no single marketplace has risen to the top, at least among the English-speaking community. And mistrust, fear and high barriers to entry are preventing new marketplaces from flourishing. But as the adage goes, “where there’s a will there’s a way.” So instead, we’re seeing cybercriminals rely on a patchwork of alternative solutions to conduct illegal, online trade.

Users are retrenching to more specialized forums dedicated to hacking and security, which often act as a platform for trade. Sites like CrimeNet, HPC, and Exploit[.]in contain many examples of threat actors offering products such as ransomware variants, exploit kits, compromised accounts and payment card data. These sites work on a direct transfer system where vendors and customers will communicate directly to arrange payment, often through messaging services such as Jabber. Typically, sellers will advertise their products on these forums, and then direct users to dark web sites to arrange payment. 

Learning valuable lessons from the takedowns of AlphaBay and Hansa, administrators of these forums have been incorporating new technologies and processes for added security and trust among users. 

Some have been experimenting with decentralized blockchain domain name systems (DNS), which have no central authority and are deemed to make it much harder for law enforcement to take down criminal sites. This model is promising, but the adoption of blockchain in this way hasn’t taken off yet and merits ongoing monitoring. Administrators are also updating processes to improve site security – advertising the store without revealing the domain, limiting new users’ access using mechanisms such as posting limits and area access restrictions to hamper law enforcement activity, or requiring multiple invitations or referrals from established members.

Another significant shift is that many cybercriminals are choosing to conduct their business away from dark web marketplaces and underground forums altogether. Increasingly, they are using their site to advertise their service and then directing users to dedicated channels on Jabber, Internet Relay Chat (IRC), Skype, Discord and Telegram to conduct their business. Buyers can contact sellers directly through peer-to-peer networks and private chat channels and execute transactions using cryptocurrencies or electronic payment services. With buyers and sellers spread widely across an increasingly decentralized community, the belief is that this will make things more difficult for law enforcement operations, which took advantage of having users congregated into a single, central location such as a marketplace.

As cybercriminals incorporate new processes, technologies and communication methods to continue their operations and realize financial gain, businesses and consumers should remain vigilant. The data and services cybercriminals are advertising within dark web markets and forums point to four areas of concern:

● Payment card fraud: the sale of credit cards as well as carding support, such as manuals and support services.

● Account takeover: user accounts for sale, including high profile breaches, repackaged credential sets, and cracking software.

● Counterfeits: fraudulent documents, scans, currencies and luxury goods.

● Insider threat: sharing of access to corporate networks and information.

Preventing your data from circulating within the cybercriminal ecosystem is a major challenge. But here are five general tips that can help reduce the chances of your data falling into the wrong hands:

1. Know where your most sensitive data resides, and then understand how a cybercriminal would monetize that data. 

2. Monitor the open, deep and dark web for mentions of your business, brand or personal information.

3. Increase your monitoring to cover peer-to-peer platforms and messaging channels that are increasingly being used by cybercriminals.

4. Use unique and strong passwords on your most sensitive or personal accounts and enable multifactor authentication to prevent account takeovers.

5. Don’t forget about third parties. Contractors and suppliers with privileged access to your sensitive information are also a weak point. Monitor and secure your supply chain networks in the same way you would your own employees and assets. 

Despite the demise of AlphaBay and Hansa, and the success of law enforcement operations, illicit online business will continue, and the same data and services will remain valuable. It is the marketplaces, forums and communication channels that will change. By closely following these shifts and trends, and watching for new activities and actors across a variety of data sources – not just the dark web – security professionals can continue to take steps to mitigate the digital risk to their enterprises, partners and customers.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
