Attackers Use Classic Techniques – Typosquatting, Phishing, Backdoored Malware, Fake Marketplaces, and Much More – to Scam Each Other; Sub-Economy in Just 3 Cybercriminal Forums Generated More Than $2.5 Million in 12 Months

OXFORD, U.K. — 十二月 7, 2022 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced in the first of a four-part series, “The Scammers Who Scam Scammers on Cybercrime Forums,” that cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams. The report also reveals how attackers use classic techniques—some decades old, such as typosquatting, phishing, backdoored malware, and fake marketplaces—to carry out their scams against each other.

For this report, Sophos X-Ops experts investigated Exploit and XSS, two Russian-language cybercrime forums that provide Access-as-a-Service (AaaS) listings, and BreachForums, an English-language cybercrime forum and marketplace specializing in data leaks. All three sites have dedicated arbitration rooms. Despite this resolution process provoking occasional mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and not showing up, or calling the complainants themselves “rippers,” the practice of scammers scamming scammers is lucrative. During a 12-month period, Sophos examined approximately 600 scams that resulted in threat actors losing more than $2.5 million to each other, just on these three forums—with claims ranging from $2 to $160,000.

“While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals, but some of the most prominent ransomware groups. And these scams aren’t always just financially motivated. Personal beefs and rivalries were common. We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100,” said Matt Wixey, senior threat researcher, Sophos.

Sophos also discovered that the arguments and arbitration process left behind a wealth of untapped intelligence that security professionals and law enforcement could leverage to better understand and defend against cybercriminal behaviors.

“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now. These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims,” said Wixey.

Read part one of the four-part series on “The Scammers who Scam Scammers on Cybercrime Forums” on Sophos.com.

关于 Sophos

Sophos 是全球领先的先进安全解决方案提供商和创新者,全面安全解决方案涵盖托管式侦测与响应 (MDR) 和事件响应服务,以及广泛的端点、网络、电子邮件和云安全技术。作为最大的纯网络安全厂商之一,Sophos 为全球超过 600,000 家企业和超过 1 亿用户提供防御主动攻击对手、勒索软件、网络钓鱼、恶意软件等威胁的保护。Sophos 的服务和产品通过 Sophos Central 管理控制台连接,并得到公司内部的跨领域威胁情报部门 Sophos X-Ops 的支持。Sophos X-Ops 情报优化整个 Sophos Adaptive Cybersecurity Ecosystem 自适应网络安全生态体系,包括一个中央数据湖,为客户、合作伙伴、开发人员和其他网络安全与信息技术供应商提供一组丰富的开放 API。Sophos为需要完全托管的安全解决方案的组织提供网络安全即服务。客户还可以直接利用 Sophos 的安全运行平台管理其网络安全,或者采用混合方法,为内部团队补充 Sophos 服务(包括威胁追踪与修复)。Sophos 通过世界各地的经销商合作伙伴和托管服务供应商 (MSP) 销售。Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.com