Cybercriminals are not just targeting businesses and consumers with their nasty practices; they’re also going after one another, according to a new report.
Cybersecurity experts Sophos discovered that crooks often use the same techniques against one another – sometimes for financial gain, sometimes to “settle the score”, and sometimes simply out of spite.
Whatever the case may be, the practice is so widespread that underground forums have entire subsections dedicated to arbitration and settling these disputes.
Millions in damages
Sophos recently analyzed three separate cybercrime forums: two Russian-speaking ones (Exploit and XSS) and one English-speaking one (BreachForums). As it turns out, all three have dedicated arbitration rooms, which experience “occasional mayhem”. Sometimes the accused criminals go dark and do not show up, or call their accusers “rippers”. In other instances, they try to work out a solution. These aren’t low-level criminals, either: some of the world’s most infamous ransomware groups are mentioned.
In any case, in the last 12 months, Sophos observed some 600 scams, through which the crooks lost more than $2.5 million. Some claims are as low as $2, while others go as high as $160,000. The irony of the whole thing is that the crooks are using the same techniques on each other that they use against their “actual” targets – typosquatting, phishing, backdoors and malware, fake marketplaces, to name a few.
For Sophos, the findings provide a treasure trove of valuable insight into the minds and practices of the cybercriminal community. These insights could (and should) be leveraged in an effort to protect endpoints against common threats, the company argues.
“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now. These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims,” said Matt Wixey, senior threat researcher, Sophos.