Cybercriminals aren’t just targeting businesses and consumers with their nefarious practices, they’re also going after each other, according to a new report.
Cybersecurity experts Sophos found that crooks often use the same techniques against each other — sometimes for financial gain, sometimes to “sett the score,” and sometimes just out of spite.
Be that as it may, the practice is so widespread that underground forums have entire subsections devoted to arbitration and settling these disputes.
Millions of damage
Sophos recently analyzed three separate cybercrime forums, two Russian-language (Exploit and XSS) and one English-language (BreachForums). It turns out that all three have special arbitration chambers, which experience “occasional chaos”. Sometimes the accused criminals went in the dark and didn’t show up, or called the accusers “rippers”. In other cases, they try to work out a solution. These are not low-level criminals either. Some of the world’s most notorious ransomware groups are listed.
In any case, Sophos has observed some 600 scams in the past 12 months, with the crooks losing more than $2.5 million. Some claims are as low as $2, while others are as high as $160,000. The irony of the whole thing is that the crooks use the same techniques on each other that they use against their “real” targets – typosquatting, phishing, backdoors and malware, fake marketplaces, to name a few.
For Sophos, the findings provide a wealth of valuable insight into the thoughts and practices of the cybercrime community. These insights can (and should) be used to protect endpoints (opens in new tab) against common threats, the company argues.
“Because criminals often have to provide a lot of evidence when reporting scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations – something that has been an untapped resource until now. These arbitration reports also give us a glimpse into attackers’ priorities, their rivalries and alliances, and, ironically, how they are susceptible to the same types of deception used against their victims,” said Matt Wixey, senior threat researcher at Sophos.