CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Where There’s a Will, There’s a Way; Beyond Dark Web Marketplaces

Nearly a year has passed since the takedowns of AlphaBay and Hansa by law enforcement efforts that left many speculating about the future of dark web marketplaces. Expectations of an older, established market replacing AlphaBay, or the emergence of a new marketplace, have fallen short.

Nearly a year has passed since the takedowns of AlphaBay and Hansa by law enforcement efforts that left many speculating about the future of dark web marketplaces. Expectations of an older, established market replacing AlphaBay, or the emergence of a new marketplace, have fallen short. Dream Market and Olympus are among those to have made a play, but no single marketplace has risen to the top, at least among the English-speaking community. And mistrust, fear and high barriers to entry are preventing new marketplaces from flourishing. But as the adage goes, “where there’s a will there’s a way.” So instead, we’re seeing cybercriminals rely on a patchwork of alternative solutions to conduct illegal, online trade.

Users are retrenching to more specialized forums dedicated to hacking and security, which often act as a platform for trade. Sites like CrimeNet, HPC, and Exploit[.]in contain many examples of threat actors offering products such as ransomware variants, exploit kits, compromised accounts and payment card data. These sites work on a direct transfer system where vendors and customers will communicate directly to arrange payment, often through messaging services such as Jabber. Typically, sellers will advertise their products on these forums, and then direct users to dark web sites to arrange payment. 

Learning valuable lessons from the takedowns of AlphaBay and Hansa, administrators of these forums have been incorporating new technologies and processes for added security and trust among users. 

Some have been experimenting with a decentralized Blockchain domain name system (DNS), which do not have a central authority, and is deemed to be much harder for law enforcement to take down criminal sites. Despite this promising model, the adoption of blockchain in this way hasn’t taken off yet, but merits ongoing monitoring. Administrators are also updating processes to improve site security – advertising the store without revealing the domain, limiting new users’ access using mechanisms such as posting limits and area access restrictions to hamper law enforcement activity, or requiring multiple invitations or referrals from established members. 

Another significant shift is that many cybercriminals are choosing to conduct their business away from dark web marketplaces and underground forums altogether. Increasingly, they are using their site to advertise their service and then directing users to dedicated channels on Jabber, Internet Relay Chat (IRC), Skype, Discord and Telegram to conduct their business. Buyers can contact sellers directly through peer-to-peer networks and private chat channels and execute transactions using cryptocurrencies or electronic payment services. With buyers and sellers spread widely across an increasingly decentralized community, the belief is that it will be more difficult for law enforcement operations which took advantage of having users congregated into a single, central location such as a marketplace.

As cybercriminals incorporate new processes, technologies and communication methods to continue their operations and realize financial gain, businesses and consumers should remain vigilant. The data and services cybercriminals are advertising within dark web markets and forums, point to four areas of concern:

● Payment card fraud: the sale of credit cards as well as carding support, such as manuals and support services.

● Account takeover: user accounts for sale, including high profile breaches, repackaged credential sets, and cracking software.

Advertisement. Scroll to continue reading.

● Counterfeits: fraudulent documents, scans, currencies and luxury goods.

● Insider threat: sharing of access to corporate networks and information.

Preventing your data from circulating within the cybercriminal ecosystem is a major challenge. But here are five general tips that can help reduce the chances of your data falling into the wrong hands:

1. Know where your most sensitive data resides, and then understand how a cybercriminal would monetize that data. 

2. Monitor the open, deep and dark web for mentions of your business, brand or personal information.

3. Increase your monitoring to cover peer-to-peer platforms and messaging channels that are increasingly being used by cybercriminals.

4. Use unique and strong passwords on your most sensitive or personal accounts and enable multifactor authentication to prevent account takeovers.

5. Don’t forget about third parties. Contractors and suppliers with privileged access to your sensitive information are also a weak point. Monitor and secure your supply chain networks in the same way you would your own employees and assets. 

Despite the demise of AlphaBay and Hansa, and the success of law enforcement operations, illicit online business will continue, and the same data and services will remain valuable. It is the marketplaces, forums and communication channels that will change. By closely following these shifts and trends, and watching for new activities and actors across a variety of data sources – not just the dark web – security professionals can continue to take steps to mitigate the digital risk to their enterprises, partners and customers.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.