|
Trend
Micro has published a new study on black cyber-markets focusing on product
and services offered on the Brazilian underground.
The new study, exactly like
previous analysis, describes a thriving marketplace where cyber
criminals proposes their services and products to criminal crews that instead
of creating their own attack tools from scratch could benefit of
the competitive offer. The study reports the principal solution and
services proposed to the crooks in a model of sale known as crime-as-a-service that
is able to attract new actors in the cyber arena.
A first data that
immediately catches the attacention of the experts is decrease of prices
recently offered, this is a further element of attractive for criminals that
look to the cyber crime with increasing interest.
“The barriers to
launching cybercrime have decreased. Toolkits are becoming more available and
cheaper; some are even offered free of charge. Prices are lower and features
are richer. Underground forums are thriving worldwide, particularly in
Russia, China, and Brazil. These have become popular means to sell products
and services to cybercriminals in the said countries. Cybercriminals are also
making use of the Deep Web to sell products and services outside the indexed
or searchable World Wide Web, making their online “shops” harder for law
enforcement to find and take down.” states the ‘The
Brazilian Underground Market’ report.
Another element of
distinction between the Brazilian underground and the Russian and
Chinese ones, is the availability of training services, for this reason
the Brazilian underground ecosystem is also considered as the market for
cybercriminal Wannabes.
“What distinguishes the
Brazilian underground from others is the fact that it also offers training
services for cybercriminal wannabes,” according to the whitepaper.
“Cybercriminals in Brazil particularly offer FUD (fully undetectable) crypter
programming and fraud training by selling how-to videos and providing support
services via Skype. Anyone who is Internet savvy and has basic computing
knowledge and skill can avail of training services to become cybercriminals.
How-to videos and forums where they can exchange information with peers
abound underground. Several trainers offer services as well. They even offer
support when training ends.”
The Brasilian cyber
criminals seem to be more ruthless in the use of media platforms like
Facebook, YouTube,
Twitter, Skype,
and WhatsApp, differently
from Russian and Chinese players that “hide in the Deep Web
and use tools that ordinary users do not such as Internet Relay Chat
(IRC) channels”
For several years, Brazil
has been known for the offer of banking
Trojans, many malware were designed by Brazilian which targeted internal
banking users and that implemented several techniques to steal victims’
credentials. Brazil ranks second worldwide in terms of online
banking fraud and malware infection, on a global scale it accounts for
almost 9% of the total number of online-banking
malicious code that compromised
Banking Trojan
source codes are sold for around US$386 each, the offer allows buyers
to modify their codes according their needs, they
can obfuscate strings, customize the composition of
payloads and add crypters and other solution to evade the
detection. Another product very popular are Bolware
kits and toolkits used to create bolware that are offered for around
US$155, the applications offered by cybercriminals are user-friendly and
implements an easy to use control panel for monitoring and managing
infections and malicious activities.
The Brazilian underground
also offers a bank fraud courses for aspiring
cyber-criminals, the courses are very articulated and propose detailed
information for beginners to the criminal activities. The courses starts
presenting the fraud workflow and tools necessary to arrange a cyber fraud.
Some coursed are arranged in modules that propose interesting information on
the illegal practices to cybercriminal wannabes that can acquire
also interactive guides and practical exercises (e.g., simulating
attacks). A 10-module corse for example is offered for US$468, the operators
also offer updates and a Skype contact service.
According to the author of
the study on the Brazilian underground market, Trend Micro Senior Threat
Researcher Fernando Merces, several factors have contributed to the growth of
cyber-criminal activity in the country like limited resources assigned to law
enforcement and the existence of a flexible underground market.
“For example, Brazil
has a lack of concrete laws and limited law enforcement agency resources that
address cybercrime in the country,” he noted. “Additionally, the
technological and consumer landscape in Brazil, which has a 50%
Internet penetration rate, and a 69% credit card penetration rate,
has made the country all too appealing for cybercriminals. However, another
factor may have also contributed to Brazilian cybercrime: the existence of a
flexible underground market with different offerings, ranging from banking
Trojan development to online fraud training. The latter is highly notable as
this is the most unique item in the market, which may not be found in other
underground markets.” explained
Merces in a blog post.
The report details prices
and products for many other products and services, including Credit card credentials
and number generators, SMS-spamming services and phishing pages
for popular banks.
Let me close the post with
a meaningful statement from the author of the study that explain how is
simple today to become a dangerous cyber criminals with limited resources.
“In Brazil, it’s
possible to start a new career in cybercrime armed with only US$500,” Merces
blogged. “Would-be cybercriminals are supported and helped by tools, forums,
and experts from the dark side of the Internet. These bad guys do not fear
the authorities and their groups get bigger in a short span of time.”
Let me suggest you to read
the full report published
by Trend Micro, it is full of interesting data.
|
