Written by Dima Khrustalov
Both established markets and emerging vendors on the Dark Web have been actively promoting fresh inventory and steep discounts on Black Friday and Cyber Monday. In this section, we will profile a few examples across different categories.
Carding shops are underground marketplaces that traffic in compromised payment card data. These marketplaces facilitate the movement of compromised payment card data from hackers to fraudsters, often across faraway geographies. The following are actual screenshots of popular underground carding shops promoting Black Friday deals:
Another popular category in the underground is account markets. Account markets are e-commerce shops that offer data hacked from victims around the world. The types of compromised accounts that are commonly available and most popular on account markets are financial (bank, investments, brokerage), e-commerce, online payments, dating sites, mobile / telecommunications, social media, and email. Cybercriminals, hackers, and fraudsters purchase the account data in order to access the victims’ accounts and exploit them in various ways. The following is a screenshot of a popular account market offering a 50% discount on Black Friday:
One of the most important links in the chain of e-commerce fraud is the “mule”. Mules are “front men” used by fraudsters to receive packages purchased online using stolen payment cards. There are many operators of mule networks offering their services on the Dark Web. Not surprisingly, these operators have prepared for Black Friday and Cyber Monday, mainly by increasing mule capacity to satisfy the high demand during the holiday shopping.
The digital underground is home to countless providers of technical tools and services – malware, exploit kits, phishing kits, and virtual private servers, to name a few - to other fraudsters and cybercriminals. “Anti-Detect” tools are also widely available on the underground. An “anti-detect” tool enables cybercriminals to effectively emulate a victim’s device and browser and defeat “fingerprinting” controls deployed by companies fighting cybercrime. The number and popularity of such tools has grown substantially starting in 2018. For Black Friday, the vendor of the leading anti-detect tool offers a 25% discount on several subscription packages:
The holiday season is often marked by increased fraud activity and cyber attacks targeting companies across sectors and geographies. Recognizing the intelligence value of the digital underground, companies should take steps to quickly assess their exposure across the Dark Web, Deep Web, and beyond. Such analysis can help answer questions such as: Are we being targeted? What tools and tactics are our adversaries using? What data or access has already been compromised? What can we learn from peer companies? Additionally, companies should consider deploying more proactive strategies to detect and thwart fraud and cyber threats early, for example, flagging compromised payment cards promoted on the Dark Web as part of Black Friday deals.
About the Author
Dima Khrustalov is a senior analyst at Q6 Cyber’s Tel Aviv office, covering global cybercriminal activities on the Dark Web and Deep Web. Prior to Q6 Cyber, Dima was an Anti-Money-Laundering and Due Diligence analyst. Dima holds a BA in Communications and Business Administration from the Hebrew University of Jerusalem.