Underground cybercrime forums - serving criminals as well as nation-state actors - continue to evolve, offering a greater range of services, from reviews of information stolen during a data breach for secrets, to using hacked corporate accounts to launder money, says Tom Kellermann, chief cybersecurity officer at security firm Trend Micro.
"The underground itself has become professionalized to a level that would rival the way multinational corporations would operate with subsidiaries, and overseas," Kellermann says in an interview with Information Security Media Group. "What you're seeing is not only the distribution of a myriad of new services, but you're seeing greater operational security paid to the forums themselves, more advanced attack capabilities ... as well as lower prices, which allow for more criminals who are not cyber-capable to get in the game."
A recently released report from Trend Micro - Russian Underground 2.0 - estimates that there are at least 78 active cybercrime forums today worldwide with a total of 20,000 members (see Why Russian Cybercrime Markets Are Thriving).
The cybercrime ecosystem, Kellermann says, is facilitated by three main capabilities: hacking tools, anonymous payment systems, as well as so-called bulletproof hosting environments, or "hacker havens," Kellermann says. "The greatest neighborhood of bulletproof hosts ... is really in the former Soviet bloc. But there are growing neighborhoods in the Middle East, in Southeast Asia and in Brazil."
Economic Drivers for Hacking
Stamping out bulletproof hosting is difficult for numerous reasons, including the fact that some countries appear to see hacking as a national resource, he says. "[Some] countries in the world see hacking as an economic benefit, as a way of ... leapfrogging the gaps in advancement in their own economies, knowing full well that there is a tremendous amount of money spent on research and development, and a tremendous amount of money that is spent on infrastructure, and you can skip both of those steps of the development lifecycle of a nation state by essentially stealing ideas ... and acting in a Robin Hood fashion."
In this interview (audio link below photo), Kellermann also discusses:
- The growth of post-breach, cybercrime log-processing services;
- How exploit kits are enabling attackers to automatically compromise websites, launch spear-phishing campaigns as well as run watering hole attacks;
- What enables cybercrime forums to continue operating and escape disruption attempts.
In addition to his role as chief cybersecurity officer for Trend Micro, Kellermann is a commissioner for the Commission on Cybersecurity for the 44th Presidency. He is also a professor at American University's School of International Service. He formerly worked as the chief technology expert for mobile security firm Air Patrol, was vice president of security awareness for Core Security Technologies and was also a member of the security team at World Bank Treasury.