Despite successful crackdowns on several cybercriminal underworld gangs, miscreants have been highly active during the first half of 2018, according to Flashpoint.
According to Flashpoint’s mid-year Business Risk Intelligence report, released last month, the major developments in the cybercriminal underground in 2018 include:
- The takedown of MaxiDed, resulting in a major disruption of the top-tier bulletproof hosting provider market.
- The TrickBot gang’s continued development of new modules and expansion of its targeting to various industry verticals.
- Resurfacing of thedarkoverlord, claiming responsibility for new activity against legal and insurance firms.
- Expansion of the GandCrab ransomware affiliate program to the East Asian underground.
- The discovery of novel banking Trojans, including DanaBot, MnuBot, and BackSwap.
- Heightened use of no-distribute virus scanning services such as Run4Me as workarounds for platforms such as VirusTotal.
- A shift to Android traffic emulation in carding operations to bypass fraud detection systems.
Researchers note the significance of the Russian-language credit card shop called Joker’s Stash going public this year. Flashpoint notes that two new large datasets of stolen payment card data in the Bigbadaboom 2 and Zippo breaches in March and May were added to the forum. “The data is believed to have originated from well-known U.S. businesses, such as Lord & Taylor, Saks Fifth Avenue, and Chili’s,” researchers said.
(ThreatList is an occasional overview of the InfoSec landscape as represented in at-a-glance lists of relevant data.)