Research carried out by Sophos, the UK-based security software and hardware firm, shows that cybercrime trends for 2016 point towards increased use of advanced social engineering techniques and of customized, targeted document-based attacks. James Lyne, global head of security research at Sophos, warned that cybercriminals are becoming more and more effective as a result of these techniques.
Speaking at the RSA Conference 2016, Lyne, who is also an instructor at the SANS Institute, gave more detail on these trends and warned organizations about the emerging threats. According to him, tried and tested attack methods such as phishing and drive-by downloads remain as commonly used as ever.
However, he added that today's cybercriminals are seeking new and greener pastures and are much better at turning stolen information into money. They have also built a mature marketplace on the dark web that, in his view, puts even legitimate e-commerce sites to shame.
Explaining how darknet markets operate, he said that cybercriminals signing up on these sites are issued a PGP (GPG) key for authentication. Sophos researchers who signed up and purchased data for testing purposes received an email containing a PGP-encrypted Excel file with full details of a credit card account within two seconds of completing the purchase. He remarked that it would be great if real retailers could give their customers such an experience.
Over and above all this, what Lyne found most worrying was the progress cybercriminals have made in social engineering attacks. At last year's RSA Conference he had already pointed out the improvement in their quality: they had moved beyond the Nigerian-prince email to targeted, well-researched messages designed to fool specific victims.
For example, cybercriminals no longer bother sending emails offering tax refunds, because the success rate has dropped. Instead, they send a résumé to a company that has advertised a job opening. Some users open such emails and attachments even when they contain misspelled words and grammatical mistakes. The trend is a serious concern because it is an effective way to deliver document-based malware.
The latest development in this area is the customization of document-based malware. Cybercriminals deliberately limit its distribution, focusing on roughly 2,000 to 3,000 people in a single company. As a result, the attacks have become more sophisticated and more effective. Combined with advanced social engineering techniques, document-based malware is more devastating still.
Alpha Bay Market
During his talk, Lyne specifically mentioned the Alpha Bay Market, a marketplace that operates on the Tor network and lets cybercriminals buy, sell and trade data. He explained that Alpha Bay automatically removes credit card numbers from sale once they have been listed for a couple of days, since by then the account number is likely to have been changed. He warned, however, that beyond email addresses and credit card information, Alpha Bay offers many other products as well.
Alpha Bay Market, reportedly based in Russia, officially launched in December 2014. It grew steadily, with as many as 14,000 new users signing up in its first ninety days. Gwern.net, a website that tracks darknet markets, ranked Alpha Bay first by probability of surviving for six months. According to Dan Palumbo, director of research at the Digital Citizens Alliance, it is currently the largest online darknet market, with more than 230,000 users.
Alpha Bay lets vendors sell drugs, stolen credit card information, weapons and many other items, both illicit and legal, although the site forbids the sale of data belonging to Russian victims. Purchases must be paid for in Bitcoin to preserve anonymity, and every transaction is processed through a centralized escrow system that protects buyers.