Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

DDoS for hire services offering to ‘take down your competitor’s web sites’ going mainstream

Thanks to the increasing availability of custom coded DDoS modules within popular malware and crimeware releases, opportunistic cybercriminals are easily developing managed DDoS for hire, also known as “rent a botnet” services, next to orchestrating largely under-reported DDoS extortion campaigns against financial institutions and online gambling web sites.

In this post, I’ll profile a managed DDoS for hire service, offering to “take down your competitor’s web sites offline in a cost-effective manner”.

More details:

Screenshots of the DDoS for hire/Rent a botnet service:

The paid DDoS service is currently offering HTTP (GET, POST), Download, ICMP, UDP, and SYN flooding features, using what they’re pitching as private tools operated by expert staff members. Before a potential customer is interested in purchasing a DDoS attack for hire, the service if offering a 15 minute test to the customer in order to prove its effectiveness.

How much do these DDoS for Hire services cost?

  • The price for 1 hour or DDoS attack is $5
  • The price for 24 hours of DDoS attack is $40
  • The price for 1 week of persistent DDoS attack is $260
  • The price for 1 month of persistent DDoS attack is $900
The service is also offering 5%, 7%, 10% and 15% discounts to prospective customers, with a return policy based on the remaining time from the originally purchased package.
The service profiled in this post, is the tip of the iceberg when it comes to the overall availability of DDoS for hire managed services within the cybercrime ecosystem. This fierce competition prompts for unique client acquisition tactics, such as offering complete anonymity throughout the purchasing and post-purchasing process in order to ensure that anyone can request any target, including high profile ones, to be attacked.
Moreover, although the service is undermining the OPSEC (operational security) of the proposition by advertising on public  forums, the business model of the competition is often driven by invite-only sales, where prospective customers are  trusted and verified as hardcore cybercriminals with a significant credibility within the cybercrime ecosystem. These competing services even offer the possibility to a target government or law enforcement web sites, despite the fact that their botnet’s activity will be easily spotted by security vendors and law enforcement agencies.
Instead of exposing their main botnets and potentially risking their exposure, the cybercriminals behind these campaigns have been developing the “aggregate-and-forget” botnet model for years. These botnets that never make the news, are specifically aggregated for every customer’s campaign in order to prevent the security community from properly attributing the source for the attack, taking into consideration the historical malicious activity performed by an already monitored botnet.

Webroot will continue monitoring the development of the DDoS for hire service profiled in this post.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

A peek inside a boutique cybercrime-friendly E-shop – part three

Over the past few months, I’ve been witnessing an increase in underground market propositions advertised by what appears to be novice cybercriminals. The trend, largely driven by the increasing supply of cybercrime-as-a-service underground market propositions, results in an increasing number of newly launched cybercrime-friendly E-shops attempting to monetize fraudulently obtained accounting data.

In this post, I’ll profile yet another currently spamvertised cybercrime-friendly E-shop, offering access to accounts purchased using stolen credit cards as well as highlight the ways in which cybercriminals obtain the account info in the first place.

More details:

read more…

Cybercriminals infiltrate the music industry by offering full newly released albums for just $1

Next to commodity underground goods and services such as managed spam, harvested email databases, boutique cybercrime-friendly services, services offering access to hacked PCs, managed malware crypting on demand, and managed email hacking as a service, the cybercrime ecosystem is also a thriving marketplace for stolen intellectual property, such as music releases.

In this post I’ll profile a recently launched affiliate network for pirated music, offering up to 35% revenue sharing schemes with the cybercriminals that start reselling the stolen releases which undercut the official music marketplaces prices in an attempt to increase their profits.

More details:

read more…

‘Windstream bill’ themed emails serving client-side exploits and malware

Cybercriminals are currently spamvertising millions of emails impersonating the Windstream Corporation, in an attempt to trick end and corporate users into clicking on links found in the malicious email.

Upon clicking on the links hosted on compromised web sites, users are exposed to client-side exploits served by the BlackHole web malware exploitation kit.

More details:

read more…

Pop-ups at popular torrent trackers serving W32/Casonline adware

Everyone knows that there’s no such thing as free lunch. The same goes for freely distributed pirated content online.

Recently, Webroot decided to sample malicious activity within some of the most popular Eastern European torrent trackers, based in Bulgaria, Ukraine, and Romania for starters. The results? Countless backdoored key generators and cracks for popular games and software, and most interestingly, monetization of the huge traffic by delivering pop-ups promoting the ubiquitous W32/Casonline adware, which in case you remember was recently spamvertised to millions of end and corporate users.

More details:

read more…

Spamvertised CareerBuilder themed emails serving client-side exploits and malware

End and corporate users, and especially CareerBuilder users, beware!

Cybercriminals are currently spamvertising millions of emails impersonating the popular jobs portal CareerBuilder in an attempt to trick users into  clicking on client-side exploits serving links.

The current campaign, originally circulating in the wild since 26 Apr, 2012, is a great example of a lack of QA (quality assurance) since they’re spamvertising a binary that’s largely detected by the security community.

More details:

read more…

A peek inside a boutique cybercrime-friendly E-shop – part two

Increasingly populated by novice cybercriminals thanks to the rise of cybercrime-as-a-service underground market propositions, the cybercrime ecosystem is also a home to a huge variety of underground market players.

This overall availability of managed cybercrime services results in an increasing number of underground market propositions by novice cybercriminals looking for alternative ways to monetize the fraudulently obtained goods. Although their service cannot be compared to the services offered by sophisticated cybercriminals, this niche market segment is becoming increasing common these days.

In this post, I’ll profile yet another recently advertised boutique cybercrime-friendly E-shop, run by novice cybercriminals, offering access to hacked servers.

More details:

read more…

Spamvertised ‘YouTube Video Approved’ and ‘Twitter Support” themed emails lead to pharmaceutical scams

Just like true marketers interested in improving the click-through rates of their campaign, pharmaceutical scammers are constantly looking for new ways to attract traffic to their fraudulent sites.

From compromised web shells on web sites with high page rank, the impersonation of legitimate brands, to the development of co-branding campaigns, pharmaceutical scammers persistently rotate the traffic acquisition tactics in an attempt to trick more end users into purchasing their counterfeit pharmaceutical items.

In this post, I’ll profile two currently spamvertised campaigns impersonating YouTube and Twitter, ultimately redirecting end users to pharmaceutical scams.

More details:

read more…

A peek inside a managed spam service

Just how easy is it to become a spammer in 2012? Too easy to be true.

Especially in times when everything needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous botnet take downs we’ve seen in recent years, spam and phishing attacks continue plaguing millions of end and corporate users, potentially exposing them to malicious links, malicious payloads and fraudulent propositions.

In this post, I’ll profile a Russian managed spam service that’s been in operation for 5 years, allowing novice cybercriminals an easy entry into the world of spamming.

More details:

read more…

Poison Ivy trojan spreading across Skype

Last night, a friend of mine surprisingly messaged me at 6:33 AM on Skype, with a message pointing to what appeared to be a photo site with the message “hahahahaha foto” and a link to hxxp://random_subdomain.photalbum.org

What was particularly interesting is that he created a group, and was basically sending the same message to all of his contacts. Needless to say, the time has come for me to take a deeper look, and analyze what appeared to be a newly launched malware campaign using Skype as propagation vector.

More details:

read more…