Attackers Use Classic Techniques – Typosquatting, Phishing, Backdoored Malware, Fake Marketplaces, and Much More – to Scam Each Other; Sub-Economy in Just 3 Cybercriminal Forums Generated More Than $2.5 Million in 12 Months

OXFORD, U.K. — 十二月 7, 2022 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced in the first of a four-part series, “The Scammers Who Scam Scammers on Cybercrime Forums,” that cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams. The report also reveals how attackers use classic techniques—some decades old, such as typosquatting, phishing, backdoored malware, and fake marketplaces—to carry out their scams against each other.

For this report, Sophos X-Ops experts investigated Exploit and XSS, two Russian-language cybercrime forums that provide Access-as-a-Service (AaaS) listings, and BreachForums, an English-language cybercrime forum and marketplace specializing in data leaks. All three sites have dedicated arbitration rooms. Despite this resolution process provoking occasional mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and not showing up, or calling the complainants themselves “rippers,” the practice of scammers scamming scammers is lucrative. During a 12-month period, Sophos examined approximately 600 scams that resulted in threat actors losing more than $2.5 million to each other, just on these three forums—with claims ranging from $2 to $160,000.

“While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals, but some of the most prominent ransomware groups. And these scams aren’t always just financially motivated. Personal beefs and rivalries were common. We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100,” said Matt Wixey, senior threat researcher, Sophos.

Sophos also discovered that the arguments and arbitration process left behind a wealth of untapped intelligence that security professionals and law enforcement could leverage to better understand and defend against cybercriminal behaviors.

“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now. These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims,” said Wixey.

Read part one of the four-part series on “The Scammers who Scam Scammers on Cybercrime Forums” on Sophos.com.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。