Posts Tagged: Operational Security


Managed anti-forensics IMEI modification services fuel growth in the non-attributable TDoS market segment

by

Everyday cybercriminals actively take advantage of basic OPSEC (Operational Security) tactics, aiming to risk-forward their fraudulent/malicious online activity to a third-party, while continuously seeking to launching their malicious/fraudulent campaigns in an anonymous fashion. Having successfully matured from, what was once a largely immature market segment to today’s growing market segment, in terms of active implementation of OPSEC concepts, the blackhat market is prone to continue expanding, further providing malicious and fraudulent adversaries with the necessary capabilities to remain beneath the radar of law enforcement and the security industry. In a series of blog posts we’ve published throughout 2013, we proactively highlighted […]

Continue Reading »

A peek inside a modular, Tor C&C enabled, Bitcoin mining malware bot

by

Cybercriminals continue to maliciously ‘innovate’, further confirming the TTP (tactics, techniques and procedure) observations we made in our Cybercrime Trends – 2013 assessment back in December, 2013, namely, that the diverse cybercrime ecosystem is poised for exponential growth. Standardizing the very basics of fraudulent and malicious operations, throughout the years, cybercriminals have successfully achieved a state of ‘malicious economies of scale, type of economically efficient model, successfully contributing to international widespread financial and intellectual property theft. Thanks to basic cybercrime disruption concepts, such as modular DIY (do-it-yourself) commercial and publicly obtainable malware/botnet generating tools. In 2014, both sophisticated and novice cybercriminals have […]

Continue Reading »

Managed TeamViewer based anti-forensics capable virtual machines offered as a service

by

Operational Security (OPSEC) has always been an inseparable part of the cybercrime ecosystem, especially in the context of preventing law enforcement agencies from tracking down the activities of fraudulent and malicious adversaries online. Throughout the years, the industry has witnessed active utilization of malware-infected hosts (Socks4/Socks5) as anonymization ‘stepping stones’ and the use of cybercrime-friendly VPN providers, bypassing internationally accepted data retention regulations, as some of the primary anonymization tactics used by cybercriminals. Nowadays, this set of tactics has evolved into a diversified mix of legitimate and purely malicious infrastructure that provides value-added services such as APIs supporting Socks4/Socks5 services, DIY real-time […]

Continue Reading »

Cybercriminals offer fellow cybercriminals training in Operational Security (OPSEC)

by

In need of a fresh example that malicious and fraudulent adversaries continue professionalizing, and standardizing demanded cybercrime-friendly products and services, all for the sake of monetizing their experience and expertise in the profitable world of cybercrime? Publicly launched around the middle of 2013, a product/training course targeting novice cybercriminals is offering them a manual, recommendations for open source/free software, as well as access to a private forum set up for customers only, enlightening them to everything a cybercriminals needs to know in order to stay secure and anonymous online. The standardized OPSEC offering is targeting novice cybercriminals, and also has […]

Continue Reading »

‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts

by

Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer to the campaign of the malicious attacker. A newly launched ‘malware-infected hosts as stepping stones’ service, is offering access to Socks5-enabled malware hosts, located primarily in the United States, allowing virtually anyone to route their fraudulent/malicious traffic through these hosts. More details:

Continue Reading »

A peek inside a ‘life cycle aware’ underground market ad for a private keylogger

by

By Dancho Danchev What’s greed to some cybercriminals, is profit maximization to others, especially in times when we’re witnessing the maturing state of the modern cybercrime ’enterprise’. Many enter this vibrant marketplace as vendors without really realizing that, thanks to the increasing transparency within the cybercrime ecosystem, their basic and valued added services will be directly benchmarked against a competing vendor, sometime rendering their unique value proposition completely irrelevant. Others will take a different approach by releasing a ‘life cycle aware’ underground market ad and will still manage to generate some revenue, as well as secure a decent number of customers in the […]

Continue Reading »