Attackers Use Classic Techniques – Typosquatting, Phishing, Backdoored Malware, Fake Marketplaces, and Much More – to Scam Each Other; Sub-Economy in Just 3 Cybercriminal Forums Generated More Than $2.5 Million in 12 Months

OXFORD, U.K. — Dicembre 7, 2022 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced in the first of a four-part series, “The Scammers Who Scam Scammers on Cybercrime Forums,” that cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams. The report also reveals how attackers use classic techniques—some decades old, such as typosquatting, phishing, backdoored malware, and fake marketplaces—to carry out their scams against each other.

For this report, Sophos X-Ops experts investigated Exploit and XSS, two Russian-language cybercrime forums that provide Access-as-a-Service (AaaS) listings, and BreachForums, an English-language cybercrime forum and marketplace specializing in data leaks. All three sites have dedicated arbitration rooms. Despite this resolution process provoking occasional mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and not showing up, or calling the complainants themselves “rippers,” the practice of scammers scamming scammers is lucrative. During a 12-month period, Sophos examined approximately 600 scams that resulted in threat actors losing more than $2.5 million to each other, just on these three forums—with claims ranging from $2 to $160,000.

“While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals, but some of the most prominent ransomware groups. And these scams aren’t always just financially motivated. Personal beefs and rivalries were common. We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100,” said Matt Wixey, senior threat researcher, Sophos.

Sophos also discovered that the arguments and arbitration process left behind a wealth of untapped intelligence that security professionals and law enforcement could leverage to better understand and defend against cybercriminal behaviors.

“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now. These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims,” said Wixey.

Read part one of the four-part series on “The Scammers who Scam Scammers on Cybercrime Forums” on Sophos.com.

Informazioni su Sophos

Sophos, leader mondiale e innovatore nelle soluzioni di sicurezza avanzate per neutralizzare i cyberattacchi, tra cui servizi MDR (Managed Detection and Response) e incident response, mette a disposizione delle aziende un’ampia gamma di soluzioni di sicurezza per endpoint, network, email e cloud al fine di supportarle nella lotta ai cyber attacchi. In quanto uno dei principali provider di cybersecurity, Sophos protegge oltre 600.000 realtà e più di 100 milioni di utenti a livello globale da potenziali minacce, ransomware, phishing, malware e altro. I servizi e le soluzioni di Sophos vengono gestiti attraverso la console Sophos Central, basata su cloud, e si incentra su Sophos X-Ops, l'unità di threat intelligence cross-domain dell'azienda. Sophos X-Ops ottimizza l’intero ecosistema adattivo di cybersecurity di Sophos, che include un data lake centralizzato, che si avvale di una ricca serie di API aperti, resi disponibili ai clienti, ai partner, agli sviluppatori e ad altri fornitori di cyber security e information technology. Sophos fornisce cybersecurity as a service alle aziende che necessitano di soluzioni chiavi in mano interamente gestite. I clienti possono scegliere di gestire la propria cybersecurity direttamente con la piattaforma di Sophos per le operazioni di sicurezza o di adottare un approccio ibrido, integrando i propri servizi con quelli di Sophos, come il threat hunting e la remediation. Sophos distribuisce i propri prodotti attraverso partner e fornitori di servizi gestiti (MSP) in tutto il mondo. Sophos ha sede a Oxford, nel Regno Unito. Ulteriori informazioni sono disponibili su www.sophos.it.