Securing the Digital World

Cybercrime Operations: Where Will Fraudsters Go Next?

Mar 01, 2018 | by Heidi Bleau |

Cybercriminals are constantly looking for ways to keep their activities up and running. The recent takedown of the Infraud marketplace, as well as AlphaBay and Hansa in 2017, sent cybercriminals scrambling for alternative ways to secure their operations.

Social media platforms are transforming into what may well be the fastest-growing communications channel for cybercriminals. Using social media allows them to vastly extend their reach. The platforms are global, easy to use and have none of the fees associated with running a forum on the dark web or hosting a website. More importantly, while the risk of takedown may be high, a new profile or group can be created in seconds.

During a six-month study of cybercriminals' social media use, RSA saw a 70% growth in the volume of visible fraud activity on social media, much of it occurring in plain sight. Fraud-dedicated groups seem to make little effort to operate stealthily. Even in closed groups, a simple "join" request is all that is needed to gain access, instead of the references or vouching process typically employed to join a forum on the dark web.

On Facebook—the single most popular channel—active groups in all regions of the world are openly sharing live, compromised financial information (such as credit card numbers with PII and authorization codes), cybercrime tutorials, malware and hacking tools, and cashout and muling services. Some cybercriminals even sell stolen credit card data and hacking kits from their own personal profiles. Twitter, Instagram and WhatsApp are also growing in popularity among cybercriminals.

Another new phenomenon among cybercriminals is an increased interest in hosting their websites on the blockchain. Some even register domains using a blockchain-based DNS. The advantage of using the blockchain-based DNS feature is that the website can retain its blockchain-based domain, rendering it bulletproof against attempts to reroute the domain or prevent access to the website by a centralized entity. As a result, cybercriminals are making significant steps towards the adoption of this technology and utilizing the benefits of this platform to guarantee the sustainability of their operations.

Beyond the rise in use of these newer platforms to conduct business, cybercriminals are expanding their attack surface. Even IoT devices—including doorbells, fridges, activity trackers, smart watches, home heating systems and medical devices—have become an increasingly attractive target for cybercriminals who are taking them over with ransomware and adding them to their botnet infrastructures.

2018 Outlook
So, what will the state of cybercrime look like in 2018? The use of social media platforms by cybercriminals is a phenomenon that shows no sign of diminishing, despite action by the platform operators to remove posts, profiles and groups engaged in illicit activities. Cybercriminals will also continue to extend and expand their infrastructure leveraging the blockchain and IoT devices, and as a result, there will be an increase in related fraud-as-a-service offerings.

Learn more about the growth of cybercrime operations and other fast-growing fraud trends you should expect to hear more about in the coming year in our new "2018 Current State of Cybercrime" white paper.