Soaring energy bills, inflation, skyrocketing interest rates; The world continues to suffer from a cost of living and economic crisis. As individuals feel the pressure in their supermarkets, on their mortgage rates, and at the gas pumps, the impact of the global economic downturn and other major events is also being felt in the cybercriminal world. Check out some of our insights into these difficulties in the blog below.
Life in cybercrime follows a series of ups and downs:
As with everything in life, nothing is predictable. You could be on top of the world one minute, metaphorically – or literally – searching through the dumpster the next. Never get too comfortable upstairs, and never get discouraged downstairs. We’re getting very close to Forest Gump territory here, but life is complicated and you don’t know what’s around the corner.
While researching the content for this blog, we got this impression from several threads about budding cybercriminals making their way into the cybercrime world. However, we should be clear that it has often been difficult to discern the specific nuances of cybercriminals’ financial problems; While there are major economic woes currently raging around the world, much of the contention facing Russian-aligned threat actors will likely have to do with persistence War between Russia and Ukraine. However, there were a number of interesting insights that we were able to glean.
In response to a thread about the financial life and history of other forum users, several users commented that the early successes in their life as a cybercriminal often felt the most meaningful. This included earning their first 100 from illegal means (currency not specified, likely USD) and buying their first bottle of whiskey and cognac. However, the financial situation was in “jumps”, that is, some systems worked for a while, the threat actor was able to make consistent profits, then the method became redundant. At this point, the threat actor was forced to look for another method to generate financial gain, which often required time and investment to identify new schemes.
Given the recent sanctions and additional scrutiny of activities originating from Russian companies, it is likely that many of these cybercriminals have been forced to constantly refine and adapt their techniques. and therefore have to climb out of this trough again. A good example of this is the use of GooglePay and other financial technologies being banned for use across Russia; This resulted in many scams becoming obsolete almost overnight.
Falling yields after the Ukraine war:
A user in the same thread also shared some unique insights related to the ongoing Russia-Ukraine war, which, while bringing with it a level of violence not seen in Europe for many decades, also created significant financial turmoil on the all over the world. Energy prices and global supply chains have been particularly impacted by the ongoing conflict in Eastern Europe.
Cyber criminals are also feeling the pinch during these troubling times. In the same thread mentioned above, a user replied that he “earned as much as he wanted” before the conflict, who subsequently lost his “shadow” earnings; Of course, shadow earnings are likely related to the cyber criminals’ work, which may be carried out alongside a regular job. This lack of current earnings was echoed by other users who claimed that nothing they had tried had worked and they were “tired of living in poverty”.
For those lucky enough to find shadow work, the prices they could fetch had reportedly dropped. One user suggested that at some point – probably before the conflict – a user could typically charge $500 to provide initial access to a target network. Related to the conversation, the user seems to have implied that prices have dropped significantly since that time. We’ve written multiple times about the rise of Initial Access Brokers (IABs) and how this type of threat actor has greatly facilitated cybercrime, but it’s possible that the market has either become oversaturated with IABs and prices have dropped as a result.
Carding a dying art form:
We previously wrote about the raids carried out by the Russian Federal Security Service (FSB) on several prominent members of the carding community. Six months later and it appears the raids have either ramped up or coincided with a reduction in overall carding activity. We have noticed in recent operations that some cybercriminals have felt that carding is a diminishing art form that is making it increasingly difficult to generate regular returns. Some users had raised concerns about the difficulties in getting up-to-date information about carding activity on forums, while another suggested that they intentionally do not post carding-related information to prevent competitors from gaining an advantage.
A lack of genuine card data was also a problem for those involved in this type of activity, which often saw duplicate or invalid cards being sold to potential buyers. a lack of honor among thieves, who would have thought? A prediction for the future of carding produced differing opinions; Some users stated that they had continued success but probably got lucky in their endeavors, while another user suggested that carding wouldn’t be profitable in a couple of years.
It’s quite possible that many cyber criminals have simply moved on to more profitable ventures, such as supporting ransomware operations. While there is no proven route into the cybercrime world, carding tends to be done by those on the lower end of the spectrum; ie made by screenplay kiddies and criminals without much technical know-how. As it becomes more difficult to generate a sustainable income from carding, it may become more difficult for aspiring cybercriminals to establish themselves in this space; It’s hard to jump into a new venture when you can’t make enough money to pay the bills.
Cyber crime finds a way
Cyber criminals are a resilient and adaptable breed. Although current economic and geopolitical conditions have caused financial returns to decline, it is likely that the impact will only be a short-term obstacle. Many types of cybercrime, including ransomware and account takeovers, have thrived over the past year and will almost certainly continue as we enter the final quarter of 2022. If you want to discover more useful insights our team uncovers from closed sources, why not Sign up for a SearchLight demo.