Looking Into The Cybercrime Underground
A key part of our cybercrime research focuses on the communities that cybercriminals form. These are used in much the same way that communities of other shared “interests” are – to socialize, to get together, and to buy and sell various items of interest.
For security researchers, the activities of these underground communities – and the corresponding economies that they form – is a valuable source of threat intelligence. This allows us to examine current trends in the threat landscape, as well as look into and prepare for future threats.
Our research in the past has highlighted the wide variety of good and services available in the cybercrime underground. These range from crypters, exploit kits, and Trojans – to denial of service (DoS) attacks, proxy servers, and web traffic, and everything in between. Our research into the underground has included findings related to malicious traffic management, the reaction to the fall of the BlackHole Exploit Kit, as well as overviews of the Chinese and Russian undergrounds.
One consistent trend has been the continuing fall in prices of most goods and services. The average price of items has been dropping across the board, making these items accessible to more would-be cybercriminals. Pricier, more effective versions of these goods are available, of course – but the “average” versions of these tools are more than adequate for their purposes.
There is no shortage of targets either, with much of the world today now online. The following chart shows the number of countries with the most Internet users and thus, potential victims:
Figure 1. Countries with largest online population
There are multiple cybercrime communities around the world with various ties to each other, but they have unique characteristics that differentiate them as well. Throughout the year, we will be publishing various papers that describe various communities, as well as the economies that they create. These papers are all part of our Cybercriminal Underground Economy Series, or CUES. These papers will highlight the unique characteristics of each market, provide a summary of the good and services available, and the prices for these items.
The first paper of CUES, covering the mobile cybercrime underground in China, was released earlier this month. The CUES portal will be updated as more papers covering other economies such as those in Russia and Brazil are released.