Two weeks ago we talked about the disappearance of Nucleus Market and how many of its former users have moved to AlphaBay, the unquestioned leader in terms of current dark web activity.
This week we turn our attention to Dream Market, the second most popular dark web market of 2016, according to SurfWatch Labs’ threat intelligence data.
A Quick Look at Dream Market
The places where cybercriminals go to sell their illicit goods and services are constantly changing. This is due to a combination of exit scams that rip off buyers, law enforcement disrupting operations, and a healthy paranoia that may lead those running certain markets to close up shop before getting caught. Dream Market has been around since November 2013 — a significant achievement in the ever-evolving cybercriminal scene. At two-and-a-half years of age, it is the oldest existing dark web marketplace, and that longevity has helped it to establish a certain level of trust among its users.
Although most dark web markets sell a wide variety of items, certain sites tend to attract specific types of listings over others. For example, when we wrote about AlphaBay, we focused on the problem of stolen credentials, the market’s most popular practice tag, according to SurfWatch Labs’ data.
On Dream Market, credential trading is much less popular. Instead, the most popular type of listing involves crimeware.
Although Dream Market’s popularity is growing, some users have reported occasional issues accessing the market since Nucleus went offline. This may be due to the influx of former Nucleus users or — as has occurred in the past — DDoS attacks from competitors trying to disrupt the user base.
Crimeware Trade and “Sophisticated” Cybercriminals
There’s a perception that cybercriminals are growing increasingly sophisticated. This is driven home by the fact that nearly every company’s PR team rolls out the “we were victims of a sophisticated cyber-attack” line after each incident. It’s true that the cybercrime-as-a-service model has made advanced techniques more readily available to the average hacker. However, the root causes of data breaches and other cyber incidents tend to remain relatively unsophisticated.
When looking at the many listings on Dream Market related to crimeware trade, it’s clear that not everyone is a criminal mastermind performing million-dollar wire fraud or business email compromise scams. In fact, many crimeware items for sale on Dream Market and elsewhere aren’t malware like remote access Trojans or keyloggers at all, but rather basic guides on how to perform simple, low-level thefts.
For example, the vendor below is selling a guide on how to scam a major retailer for in-store credit. This “dead serious” scam has even been used to make money to take dates out for drinks and to get a tank of gas. Your satisfaction is guaranteed!
Are you hungry? You won’t be anymore if you follow this other vendor’s advice on scamming a popular pizza chain. Get unlimited free pizza.
Or are you an aspiring fraudster looking for someone to take you under their wing? For just the low price of $2.99, you can learn how to take advantage of this company’s obvious security flaws, handy smartphone application, and no-questions-asked refund policy. The vendor even claims it’s legal!
Or maybe you’ve hit hard times and need a few bucks. No worries! This vendor has a guide that’s “perfect for those in financial instability situations.” Just purchase some of the many bank account credentials that are advertised with enticing balances, and pair those with this handy step-by-step tutorial to cash them out — no knowledge necessary.
Or maybe you hear about all these tools used to discover vulnerabilities and hack businesses, but you don’t know how to use them. There are plenty of guides for those without technical knowledge.
Of course, real malware, tools and hacking services are for sale, along with stolen credentials, pirated media, counterfeit documents and more.
Although it’s fun to look at some of the over-the-top salesmanship and scams for sale on Dream Market and others, it is important to note that those low-dollar fraudulent charges, while not enough to make news headlines, do have a significant impact on the companies they’re targeting and the individuals they’re ripping off.
Also, the fact that potential criminals can have their hands held throughout the whole process of cybercrime — from phishing to malware to cashing out funds — is a growing concern. As we wrote in SurfWatch Labs’ 2015 Year in Review, “This separation of the technical aspect of cybercrime has widened the pool of potential hackers and lessened the knowledge gap that previously separated groups of malicious actors.”
There is no need to build an exploit kit or point-of-sale malware from scratch. Simply purchase the latest tools complete with customer service and technical support. Need a phishing page or information on a company’s employees? Buy one of the many guides on social engineering. No time for that? Simply hire one of the many services to do the technical legwork for you.
The good news? All of the information and tools available to those wannabe hackers can be leveraged by organizations as well. This dark web threat intelligence can help us better understand the relevant cyber threats facing organizations, their supply chain and their customers.
Next week we’ll look at another dark web market to see what intelligence we can learn.