The Dark Web has fragmented and cybercriminals are harder to find

The closure of two of the biggest marketplaces for illegal and illicit services on the Internet may have rapidly dispersed the cybercriminal community, but it hasn't take them long to find other places to trade.

AlphaBay and Hansa were large sophisticated e-commerce sites that sold everything from stolen intellectual property (IP) and credit card details to guns and toxic chemicals. They were shut down last summer following a coordinated effort by international law enforcement agencies, who saw it as a major blow in destroying the Dark Web's underbelly. Instead, it has resulted in a splintering of criminal activity in the Internet's murky underworld – spawning private forums and groups.

The reality is that the closure of AlphaBay and Hansa has seen illegal trading continue unabated in the virtual world, be it in a different guise. The large, high-profile eBay style model requiring hefty set-up and administration costs may have disappeared, primarily due to a lack of trust, fear of law enforcement stings and poor user experiences. But, it doesn't mean that the risk to enterprises and consumers has gone away. Instead, cybercriminals have gone back to their roots. To a distributed model made up of chat and messaging networks, which flourished before big sites like Alphabay and Hansa came along.

Just before its shutdown, one of AlphaBay's staff members posted to the site boasting that it had over 40,000 vendors and in excess of 200,000 users. Around the time of its take down, there were over 100,000 listings for stolen goods and services. These included fraudulent identification documents, access devices, counterfeit goods, malware and other computer hacking tools, firearms and illegal services, according to the U.S. Department of Justice. Comparatively, the notorious Silk Road marketplace, which was closed down in 2013, had reportedly approximately 14,000 listings at the time of seizure. This just highlights just how much criminal activity has grown on the Dark Web.

Cybercriminals adopt new technologies and approaches

According to Cybersecurity Ventures, global damages from cybercrime will climb to $6 trillion annually by 2021, up from $3 trillion in 2015. Cybercriminals are adopting new processes, technologies and communications to strengthen their activities. Criminal sites, such as Joker's Stash, have been using a decentralized Blockchain domain name system (DNS) alongside established Tor domains to better secure operations. Blockchain domains contain encrypted hashes as opposed to an individual's name and address, which makes it much more difficult for law enforcement agencies to track sites. Open-source, decentralized site OpenBazaar has introduced peer-to-peer cryptocurrency trading direct from users on its platform. This online site takes a very hands-off approach and has no restrictions on what is purchased or sold.

Security researchers Digital Shadows has also noted a shift towards peer-to-peer networks and chat channels for Dark Web trading. In the past six months, it has seen over 5,000 Telegram links shared across criminal forums and dark websites, for example, of which a staggering 1,667 were invite links to new groups.

Cybercriminals are becoming more clever at who to let into their inner sanctums. They are looking at alternative ways of allowing new users access to forums, such as area access restrictions, for example. Here users have to attain a certain level of positive feedback from buyers before they can move up to the next level or access certain areas.

In addition, cybercriminals are looking at different avenues of communication. They may advertise an illegal product or service in a forum, for example, but instead of negotiating through the forum or private messaging, they are requesting interested parties to use other chat networks such as Jabber or Skype. This way their movements are difficult to track.

Cybercriminal marketplace is thriving

Illicit business, it appears, has never been as busy on the Dark Web. Demand is outstripping supply. For example, according to research by Positive Technologies, the demand for malware creation on the Dark Web is now three times greater than supply. They found over 10,000 hack-for-hire and malware-related postings alone. Compromising a site and obtaining full control over a web application can cost as little as $150, with a targeted attack priced at around $4,500.

At the same time, the average cost of data breaches is escalating. According to the 2018 Ponemon Institute Cost of a Data Breach Study, the average cost of a data breach is now $3.8 million – a 6.4 percent increase from the 2017 report. Each lost or stolen document cost an average of $148, with health documents costing as much as $408.

Successful marketplaces on the Dark Web can't be created overnight. Take It has a solid reputation among the cybercriminal community. But as Dark Shadows points out, despite being started in 2015, it has only just over 450 members. The development of such sites in the underworld is not as simple as it sounds. It takes time and investment and does not guarantee profitability.

Dispersed, but still active

Cybercriminals may have scattered across the Dark Web, but this does not mean they are any less a threat. It is still imperative that enterprises monitor for any mention of their brands or information for sale on the Dark Web to stay one step ahead of cybercriminals.

Tactics and techniques have changed, and demand for services and products is growing, which means that Dark Web intelligence, allowing enterprises to take preventative action, is now more critical than ever.

To find out more about how Orange Cyberdefense can help you secure your critical data and IP, click here.

Jan Howells

Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.