
Black Friday and Cyber Monday on the Dark Web

Written by Dima Khrustalov

Executive Summary

  • Black Friday and Cyber Monday are the biggest shopping days in the US, launching the year-end holiday shopping season. They have also become an international phenomenon as many brick-and-mortar and online retailers have adopted the practice of marketing high discounts to consumers.
  • Yet Black Friday and Cyber Monday are not limited to legitimate retail business. They are also aggressively promoted by criminal sellers on the Dark Web seeking to grow their sales and customer base.
  • Many underground marketplaces on the Dark Web emulate legitimate retailers on Black Friday and Cyber Monday by: 1) featuring “new” inventory, 2) offering steep discounts, and 3) aggressively marketing to new and existing customers.
  • The expected outcome of greater inventory at a lower cost, as we have seen in prior years, is an increase in fraud activity and cyber attacks heading into the end of the calendar year.
  • Companies across sectors – from financial services to e-commerce to hospitality and more – should evaluate their exposure on the digital “underground” and consider deploying proactive strategies to detect and thwart these threats.

Holiday Deals on the Dark Web

Both established markets and emerging vendors on the Dark Web have been actively promoting fresh inventory and steep discounts on Black Friday and Cyber Monday. In this section, we will profile a few examples across different categories.

Carding Shops

Carding shops are underground marketplaces that traffic in compromised payment card data. These marketplaces facilitate the movement of compromised payment card data from hackers to fraudsters, often across faraway geographies. The following are actual screenshots of popular underground carding shops promoting Black Friday deals:

50% Discount on all cards.

New inventory of compromised cards released right before Black Friday.

Account Markets

Another popular category in the underground is account markets. Account markets are e-commerce shops that offer data hacked from victims around the world. The types of compromised accounts that are commonly available and most popular on account markets are financial (bank, investments, brokerage), e-commerce, online payments, dating sites, mobile / telecommunications, social media, and email. Cybercriminals, hackers, and fraudsters purchase the account data in order to access the victims’ accounts and exploit them in various ways. The following is a screenshot of a popular account market offering a 50% discount on Black Friday:

50% Discount for all products.

Mules

One of the most important links in the chain of e-commerce fraud is the “mule”. Mules are “front men” used by fraudsters to receive packages purchased online using stolen payment cards. There are many operators of mule networks offering their services on the Dark Web. Not surprisingly, these operators have prepared for Black Friday and Cyber Monday, mainly by increasing mule capacity to satisfy the high demand during the holiday shopping season.

A mule service provider advertising 100 new mules available for Black Friday.

Technical Tools

The digital underground is home to countless providers of technical tools and services – malware, exploit kits, phishing kits, and virtual private servers, to name a few – that cater to other fraudsters and cybercriminals. “Anti-detect” tools are also widely available on the underground. An “anti-detect” tool enables cybercriminals to effectively emulate a victim’s device and browser and defeat “fingerprinting” controls deployed by companies fighting cybercrime. The number and popularity of such tools have grown substantially starting in 2018. For Black Friday, the vendor of the leading anti-detect tool offers a 25% discount on several subscription packages:

Up to 25% discount.

Recommendations

The holiday season is often marked by increased fraud activity and cyber attacks targeting companies across sectors and geographies. Recognizing the intelligence value of the digital underground, companies should take steps to quickly assess their exposure across the Dark Web, Deep Web, and beyond. Such analysis can help answer questions such as: Are we being targeted? What tools and tactics are our adversaries using? What data or access has already been compromised? What can we learn from peer companies? Additionally, companies should consider deploying more proactive strategies to detect and thwart fraud and cyber threats early, for example, flagging compromised payment cards promoted on the Dark Web as part of Black Friday deals.

About the Author

Dima Khrustalov is a senior analyst at Q6 Cyber’s Tel Aviv office, covering global cybercriminal activities on the Dark Web and Deep Web. Prior to Q6 Cyber, Dima was an Anti-Money-Laundering and Due Diligence analyst. Dima holds a BA in Communications and Business Administration from the Hebrew University of Jerusalem.