CIO

Profits, falling crimeware prices driving Chinese cybercrime

Falling prices on services and feature-rich toolkits are fueling thriving online marketplaces in China where criminals gather to buy the wares used in cyber-attacks against businesses and consumers.

A recent report on the criminal underground from security vendor Trend Micro found that the economic and technical barriers to becoming a cybercriminal are much lower today than in the past.

As a result, the market for tools to get started in cybercrime or to improve ongoing operations is booming. These marketplaces are particularly strong in Russia, China and Brazil.

"The number of people who want in on the game and are playing the game is growing," Trend Micro spokesman Christopher Budd said Friday. "More people are seeing other people making money off of this and choosing to get involved."

The report found that most trading in the marketplaces occurred at night and on Sunday, an indication that many of the participants were working in cybercrime part-time.

"We've got people who may be using this to supplement their day jobs," Budd said.

To avoid law enforcement agencies, market operators are hiding on the Tor anonymity network, which makes them invisible to search engines, such as Google and Microsoft Bing.

The Trend Micro report focuses on the Chinese market, where criminals used the popular instant-messaging app called QQ as a primary communication tool.

IM service provider Tencent's group feature for QQ is used to create multiple chatrooms, each with a unique name and description. These groups are searchable based on keywords, so cyber-arms sellers will form groups based on product lines, such as DDoS tools and malware.

At the end of 2013, Trend Micro found more than 1.4 million IM messages related to criminal activity on Tencent's QQ Groups. Both the number of participants and the number of messages sent more than doubled in 2013 from the previous year.

The most popular products, based on group discussions, were compromised servers available for rent, distributed denial-of-service (DDoS) attack services and remote access tools (RATs) and Trojans.

Hijacked servers were available for distributing spam and malware, launching DDoS attacks or running complex computing tasks, such as Bitcoin mining, the process for generating the cryptocurrency, so criminals can use it in illicit activity.

"You can think of the compromised host as a Swiss army knife," Budd said. "Once you've got it, you can use it for many things."

Trend Micro found that the number of people participating in China's emerging mobile market for crimeware and services had risen 2.5 times from 2012.

Most of the demand was for services that send spam via text messages, Short Message Service (SMS) servers and premium text services in which mobile phone users are charged when malware sends texts to the services.

"Mobile is hot around the world and mobile is hot not just in the legitimate space, but in the crime space," Budd said. "Mobile is the growth market for this activity."