Profits, falling crimeware prices driving Chinese cybercrime

Falling prices on services and feature-rich toolkits are fueling thriving online marketplaces in China where criminals gather to buy the wares used in cyber-attacks against businesses and consumers.

A recent report on the criminal underground from security vendor Trend Micro found that the economic and technical barriers to becoming a cybercriminal are much lower today than in the past.

As a result, the market for tools to get started in cybercrime or to improve ongoing operations is booming. These marketplaces are particularly strong in Russia, China and Brazil.

"The number of people who want in on the game and are playing the game is growing," Trend Micro spokesman Christopher Budd said Friday. "More people are seeing other people making money off of this and choosing to get involved."

The report found that most trading in the marketplaces occurred at night and on Sunday, an indication that many of the participants were working in cybercrime part-time.

"We've got people who may be using this to supplement their day jobs," Budd said.

To avoid law enforcement agencies, market operators are hiding on the Tor anonymity network, which makes them invisible to search engines, such as Google and Microsoft Bing.

The Trend Micro report focuses on the Chinese market, where criminals used the popular instant-messaging app called QQ as a primary communication tool.

IM service provider Tencent's group feature for QQ is used to create multiple chatrooms, each with a unique name and description. These groups are searchable based on keywords, so cyber-arms sellers will form groups based on product lines, such as DDoS tools and malware.

At the end of 2013, Trend Micro found more than 1.4 million IM messages related to criminal activity on Tencent's QQ Groups. The number of participants, as well as the number of messages sent, more than doubled in 2013 from the previous year.

The most popular products, based on group discussions, were compromised servers available for rent, distributed denial-of-service (DDoS) attack services and remote access tools (RATs) and Trojans.

Hijacked servers were available for distributing spam and malware, launching DDoS attacks or running complex computing tasks, such as Bitcoin mining, the process for generating the cryptocurrency, so criminals can use it in illicit activity.

"You can think of the compromised host as a Swiss army knife," Budd said. "Once you've got it, you can use it for many things."

Trend Micro found that the number of people participating in China's emerging mobile market for crimeware and services had risen 2.5 times from 2012.

Most of the demand was for services that send spam via text messages, Short Message Service (SMS) servers and premium text services in which mobile phone users are charged when malware sends texts to the services.

"Mobile is hot around the world and mobile is hot not just in the legitimate space, but in the crime space," Budd said. "Mobile is the growth market for this activity."


Stories by Antone Gonsalves
