
Three ways to defend against the cyber underground


COMMENTARY: Organized cybercrime has never been so, well, organized.

Gone are the days when individual hackers huddled in basements and coffee houses to hatch one-off phishing schemes. Reported losses from cybercrime such as phishing, extortion and personal data breaches have exceeded $16 billion in the United States since 2024.


Like any other industry, the cyber underground has gone through a digital transformation, one in which vendors are empowered to market their automation and AI-enhanced wares so customers can leverage them as templates for mass weaponization.

It’s not that these groups are new. But their scale, accessibility and sophistication have grown more swiftly than intended victim organizations can keep up with. The average adversary can buy anything now – from stolen credentials to card-swiping tools to social engineering assistants.

This dramatically lowers the barrier to entry. When coupled with automation technologies, even the least experienced would-be attackers find it easy to launch repeated, successful attacks.

And they’re deploying the following techniques to elevate their impact – and earnings:

  • Carding: Considered an entry-level gateway to cybercrime, carding results in the theft and sale of payment card details. In the dark web-enabled market, stolen card account credentials and personally identifiable information (PII) are made readily available in “dump shops,” which sell the stolen materials in tranches known (fittingly) as “dumps.”
  • ClickFix: ClickFix attacks trick an intended victim into copying a command or script and entering it on a command line, which triggers the download of information-stealing malware. This social-engineering tactic represents nearly half of all initial access methods. It has proven effective because it doesn’t arrive via email. Instead, it surfaces during ordinary web browsing, on malicious pages that appear among legitimate results, and it also takes the form of direct messages and comments on social platforms.
  • Cyber Week exploitation: Black Friday marks the unofficial opening of the winter holiday shopping season, and crooks have this date firmly marked on their calendars. They know many customers will whip themselves into a buying frenzy and adopt a “click-first/think-later” approach to hunting for online sales. This makes it much easier to disguise malicious traps as legitimate traffic.

These crooks love gift cards too – they buy them in abundance in stealthy forums and then proceed with purchases requiring very little PII, making fraud detection very difficult. The annual surge of seasonal scheming illustrates how skilled the underground and its customers are getting at aligning threats with predictable real-world behavior to maximize impact.

Available for acquisition: Fraud Inc.

All of this illegal activity has rapidly accelerated via a constantly expanding capabilities infrastructure. Instead of creating campaigns from scratch, adversaries pay for pre-assembled scam templates they can reuse indefinitely. To cite just one case: In December, a Reuters investigation uncovered an influx of fraudulent advertisements from China into Facebook, Instagram and WhatsApp. According to the Reuters report, about one-sixth of China-based annual sales for Meta Platforms came from these ads before Meta stepped up enforcement efforts.

Such developments reveal that the underground has made it possible for its denizens to emerge as well-structured and highly prolific syndicates.

So how should chief information security officers (CISOs) and their teams respond to the intensifying shifts? By taking the following defensive steps:

  • Commit to continuous monitoring: The longer a threat lingers within a system, the greater its capacity for harm. That’s why CISOs and their teams need to stop attackers in their tracks by continuously monitoring marketplaces, instant messaging platforms, data-leak blogs and other sources that reveal the shady activity. The sooner teams identify activity on the dark web, the faster they can block it.
  • Empower a human firewall: Organizations are only as fortified as their weakest link. In this case, the link is the employee or user. So teams must train their employee-users to recognize threats that will surface during social engineering attempts and even organic searches. As a result of training sessions, non-security staffers should understand how their day-to-day management of data contributes to their company’s overall security strength.
  • Invest in cyber threat intelligence (CTI): The industry’s CTI tools focus on gathering, analyzing and distributing intelligence about adversaries and their attack patterns. They further position CISOs and their teams to prioritize and maximize resources as they seek to identify, mitigate and neutralize threats.

Executive and security leaders cannot afford to ignore this foreboding reality: The cyber underground now acts as a well-oiled supply-chain machine. It hawks automated access and exploitation in crime-as-a-service packages, allowing easy entry at an affordable price. Even wannabe newbies can get in on the action, regardless of their technological proficiency, or lack thereof.

This means CISOs and their teams must fight an increasingly organized black market with their own highly structured, well-plotted strategic plans. By investing in continuous monitoring, employee awareness and security upskilling, and CTI, they will more formidably defend themselves from the escalating threats. In doing so, they can help topple this powerful, global “economy” when its members discover that their dealings in the shadows of the underground are no longer so lucrative.

Jim Craig, Senior Director of Intelligence Collections Management, Intel 471

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
