Hackers Depart from Large Dark Web Markets

Cyber-criminals are increasingly downsizing from selling their wares on large dark web marketplaces in a bid to build trust with buyers, according to McAfee.

The security giant claimed in its latest threat report for Q3 that the trend can also be seen as a response to law enforcement activity. Police effected the major takedowns of Hansa and Alpha Bay in 2017 while marketplace Olympus fell silent in September after a suspected exit scam.

“Cyber-criminals are very opportunistic in nature,” said John Fokker, head of cyber-criminal investigations at McAfee. “The cyber-threats we face today once began as conversations on hidden forums and grew into products and services available on underground markets. Additionally, the strong brands we see emerging offer a lot to cyber-criminals: higher infection rates, and both operational and financial security. ”

The move on the part of these business-minded hackers with strong underground ‘brands’ to set up shop on their own has brought with it a cottage industry in website designers offering to build their digital stores, McAfee claimed.

Elsewhere, the security firm blocked an average of 480 new threats per minute during the three-month period, with IoT malware (73%), cryptomining malware (71%) and new ransomware (10%) all increasing from the previous quarter.

Overall, new malware samples increased 53%, with new macro malware up 32%. It’s no surprise that malware was the most popular attack vector, followed by account hijacking, leaks, unauthorized access and vulnerabilities.

However, instances of new mobile malware declined by 24% in Q3, and McAfee customers reported 36% fewer infections in the quarter.

Data breaches in the financial sector jumped 20% and sextortion scams continued to grow in popularity, driven by Gamut, the top spam-producing botnet.

Articles You May Like

TechCrunch+ roundup: South Korea investor survey, 1-hour board meetings, venture leasing basics
Chinese hackers targeting U.S. critical infrastructure
Shedding light on AceCryptor and its operation
Smart contract benefits and best practices for security
Serious Security: Verification is vital – examining an OAUTH login bug

Leave a Reply

Your email address will not be published. Required fields are marked *