[BreachExchange] Where There's a Will, There's a Way; Beyond Dark Web Marketplaces

Inga Goddijn inga at riskbasedsecurity.com
Thu Jun 7 23:19:23 EDT 2018


https://www.securityweek.com/where-theres-will-theres-way-beyond-dark-web-marketplaces

Nearly a year has passed since the takedowns of AlphaBay
<https://www.securityweek.com/dark-web-market-alphabay-goes-down> and Hansa
<https://www.securityweek.com/us-european-police-say-dark-web-markets-shut-down>
by law enforcement efforts that left many speculating about the future of
dark web marketplaces. Expectations of an older, established market
replacing AlphaBay, or the emergence of a new marketplace, have fallen
short. Dream Market and Olympus are among those to have made a play, but no
single marketplace has risen to the top, at least among the
English-speaking community. And mistrust, fear and high barriers to entry
are preventing new marketplaces from flourishing. But as the adage goes,
“where there’s a will there’s a way.” So instead, we’re seeing
cybercriminals rely on a patchwork of alternative solutions to conduct
illegal, online trade.

Users are retrenching to more specialized forums dedicated to hacking and
security, which often act as a platform for trade. Sites like CrimeNet,
HPC, and Exploit[.]in contain many examples of threat actors offering
products such as ransomware variants, exploit kits, compromised accounts
and payment card data. These sites work on a direct transfer system where
vendors and customers will communicate directly to arrange payment, often
through messaging services such as Jabber. Typically, sellers will
advertise their products on these forums, and then direct users to dark web
sites to arrange payment.

Learning valuable lessons from the takedowns of AlphaBay and Hansa,
administrators of these forums have been incorporating new technologies and
processes for added security and trust among users.

Some have been experimenting with a decentralized blockchain domain name
system (DNS), which does not have a central authority and is deemed to make
it much harder for law enforcement to take down criminal sites. Despite this
promising model, the adoption of blockchain in this way hasn’t taken off
yet, but merits ongoing monitoring. Administrators are also updating
processes to improve site security – advertising the store without
revealing the domain, limiting new users’ access using mechanisms such as
posting limits and area access restrictions to hamper law enforcement
activity, or requiring multiple invitations or referrals from established
members.

Another significant shift is that many cybercriminals are choosing to
conduct their business away from dark web marketplaces and underground
forums altogether. Increasingly, they are using their site to advertise
their service and then directing users to dedicated channels on Jabber,
Internet Relay Chat (IRC), Skype, Discord and Telegram to conduct their
business. Buyers can contact sellers directly through peer-to-peer networks
and private chat channels and execute transactions using cryptocurrencies
or electronic payment services. With buyers and sellers spread widely
across an increasingly decentralized community, the belief is that it will
be more difficult for law enforcement operations, which took advantage of
having users congregated in a single, central location such as a
marketplace.

As cybercriminals incorporate new processes, technologies and communication
methods to continue their operations and realize financial gain, businesses
and consumers should remain vigilant. The data and services cybercriminals
are advertising within dark web markets and forums point to four areas of
concern:

● *Payment card fraud*: the sale of credit cards as well as carding
support, such as manuals and support services.

● *Account takeover*: user accounts for sale, including high profile
breaches, repackaged credential sets, and cracking software.

● *Counterfeits*: fraudulent documents, scans, currencies and luxury goods.

● *Insider threat*: sharing of access to corporate networks and information.

Preventing your data from circulating within the cybercriminal ecosystem is
a major challenge. But here are five general tips that can help reduce the
chances of your data falling into the wrong hands:

1. Know where your most sensitive data resides, and then understand how a
cybercriminal would monetize that data.

2. Monitor the open, deep and dark web for mentions of your business, brand
or personal information.

3. Increase your monitoring to cover peer-to-peer platforms and messaging
channels that are increasingly being used by cybercriminals.

4. Use unique and strong passwords on your most sensitive or personal
accounts and enable multifactor authentication to prevent account takeovers.

5. Don’t forget about third parties. Contractors and suppliers with
privileged access to your sensitive information are also a weak point.
Monitor and secure your supply chain networks in the same way you would
your own employees and assets.

Despite the demise of AlphaBay and Hansa, and the success of law
enforcement operations, illicit online business will continue, and the same
data and services will remain valuable. It is the marketplaces, forums and
communication channels that will change. By closely following these shifts
and trends, and watching for new activities and actors across a variety of
data sources – not just the dark web – security professionals can continue
to take steps to mitigate the digital risk to their enterprises, partners
and customers.