Cybercriminals have increasingly turned to darknet markets as a platform to conduct their illicit activities. These hidden online marketplaces allow users to buy and sell a variety of illegal goods and services anonymously. But how exactly do cybercriminals use darknet markets to further their malicious activities?
To do this, we extracted cyber-intelligence from darknet markets to provide a threat assessment of ransomware distribution. This report presents an overview of the key findings and the corresponding implications. For cybercriminals, the personal, health, and payment card information of their unsuspecting victims can be extraordinarily valuable. Similarly, buying this information can provide a criminal with all the access he needs in order to breach a company’s network, obtain a fraudulent prescription, or conduct other illicit activity. Thankfully, in a normal marketplace, such activity would be easy for law enforcement to detect and prevent. But cybercriminals don’t play by the rules, and they’ve adapted by migrating their markets to a place that virtually guarantees anonymity—the Dark Web.
Escrow Services for Fraudulent Transactions
One common way cybercriminals utilize darknet markets is through the use of escrow services. When conducting fraudulent transactions, cybercriminals can take advantage of escrow services to ensure that payment is made before delivering the promised goods or services. This provides a layer of protection for both the buyer and seller, making it easier for cybercriminals to engage in scams without fear of being cheated.
Your Intellectual Property May Be for Sale
Sale of Stolen Data and Personal Information
This poses high public health risks, especially when regulatory bodies can no longer control prices and availability. With the pandemic stalling or halting activities in the physical world, similar repercussions were witnessed in Darknet markets as per some self-reported studies [11,12]. However, some researchers suggest hoarding addictive drugs due to the perception of potential shortage as a trigger to use Darkweb during the pandemic [13]. Dark Web markets are the number one destination for cybercriminals who want to sell malware, ransomware-as-a-service, and databases of breached data.
Financial Markets, Financial Institutions, and Fiscal Service
Darknet markets also serve as a hub for the sale of stolen data and personal information. Cybercriminals can easily offload stolen credit card details, social security numbers, and login credentials on these platforms. By trading in such sensitive information, cybercriminals can profit handsomely while remaining relatively anonymous.
Can I Find my Data on the Dark Web?
According to the 2021 Dark Web Price Index, these are typical prices, in U.S. dollars, of goods and services sold on the dark web. “There is no one dark web monitoring solution for all use cases; some are entirely automated, others require a team of specialists to manage, and some rely on machine learning and artificial intelligence to give accurate and relevant information,” Biswas says. There are a few well-known forums offering vulnerability and exploit auctioning, bartering or selling, according to WatchGuard’s Estes, which include the Russian Anonymous Marketplace (RAMP), exploit[.]in and xss[.]is.
Trade in Malware and Exploits
Another way cybercriminals leverage darknet markets is by trading in malware and exploits. By purchasing ready-made malware or zero-day exploits, cybercriminals can launch devastating cyber attacks against individuals or organizations. This underground marketplace allows cybercriminals to stay one step ahead of security measures and maximize the damage they inflict.
Frequently Asked Questions
- Cryptocurrencies, such as Bitcoin, can be used as a means of payment on the Darkweb, and the value of these cryptocurrencies can fluctuate significantly.
- The Dark Web overlays the public internet, but accessing it requires special software, which is free and available online.
- There were 14,000 new users of the site within the first 90 days of its existence.
- What’s even more alarming is that in April 2023, daily dark web visitors rose by 200,000 to reach 2.7 million.
How do cybercriminals access darknet markets?
- Cybercriminals typically use specialized software such as Tor to access darknet markets anonymously.
With over 900 positive reviews listed on other cybercriminal websites and markets, “Podorozhnik” is one of the most credible vendors operating on STYX. His services are widely used by Dark Web actors to pass selfie and ID verifications required by digital banks, cryptocurrency platforms, and e-commerce systems. Resecurity analysts also identified multiple “checking services,” which allow threat actors to collect data about a targeted individual. Typically, these resources are used by actors as victim reconnaissance tools to enhance their odds of successfully compromising their bank or credit card accounts. In a major crackdown on cybercrime, law enforcement agencies across the globe have seized Genesis Market, a notorious online marketplace for stolen credentials and digital browser fingerprints. The dark web, that ominous corner of the internet hidden from traditional search engines, serves as the epicenter for PII trading.
Are all transactions on darknet markets illegal?
- While not all transactions on darknet markets are illegal, the vast majority involve the sale of illicit goods or services.
When such mechanisms are in place, buyers can trust the marketplace administrator, the community of sellers and the local e-commerce environment (Kim & Ahn, 2007; Lu et al., 2016; Pavlou & Gefen, 2004). The trend of utilizing Google and Bing ads for fake traffic gathering campaigns is projected to maintain its popularity. Black traffic dealers, who orchestrate these campaigns by promoting landing pages embedded with malware installers, have been effectively infecting users through these deceptive ads. These dealers are likely to step up sales activities on the underground market.
Agencies
Can law enforcement track down cybercriminals on darknet markets?
Real-world case studies can illustrate the tangible impact of Dark Web activities on individuals and organizations. Highlight incidents like major data breaches, ransomware attacks, and identity thefts that originated or were significantly facilitated through the Dark Web. Personal and corporate data, acquired through data breaches or other illicit means, are sold on the Dark Web. The availability of such data on the Dark Web fuels identity theft, financial fraud, and other cybercrimes. The security concerns posed by ransomware and darknet markets have been independently identified by researchers, government agencies, and cybersecurity companies.
- Law enforcement agencies have been successful in apprehending cybercriminals on darknet markets, but the anonymity provided by these platforms makes it a challenging task.
In conclusion, cybercriminals utilize darknet markets as a convenient and secure platform to facilitate their nefarious activities. From fraudulent transactions to the sale of stolen data and malware, darknet markets have become an integral part of the cybercriminal ecosystem. As law enforcement agencies continue to crack down on these underground marketplaces, cybercriminals will undoubtedly adapt and evolve their tactics to stay one step ahead.
