As we look ahead to what this new year brings, we wanted to offer our expectations for dark web markets in 2020.
Dark Web Expectations
In a previous blog post called “The Commercialization of the Dark Web,” we mentioned the increased competition between threat actors and how they have begun offering services that ‘dumb down’ cybercrime for the average person. Because of this, in the coming year, we expect this “democratization” of cybercrime to cause the population of threat actors to grow, which will only increase the amount of cybercrimes being committed.
We also expect for there to be further consolidation of the dark web. The consolidation will be driven by two major factors: an increase in exit scams and an increase in law enforcement take-downs. In July 2019, the operators of Nightmare Market performed an exit scam, taking potentially millions of dollars from their users. Other darknet market operators could follow the lead of Nightmare Market, shutting down their market with sizable sums of money under their control.
Likewise, continued pressure by law enforcement could force darknet market operators to exit scam or lose access to their sites altogether. In certain cases, such as in our previous blog Darknet Drama, the administrators behind these markets could end up arrested by law enforcement leaving no one to manage the site. These factors will drive threat actors to look elsewhere to sell or buy their resources.
A ‘New’ Dark Web Market
So, what does this mean for the dark web? The seemingly divergent trends of democratization and consolidation will result in a decentralization of the almost $1 trillion cybercrime economy, as more and more threat actors execute attacks and monetize them across fewer dark web communications channels and sites. This will lead to the de facto “Amazoning” of the dark web, where large numbers of “independent operators” sell their wares over alternate channels – such as Discord, Telegram and OpenBazaar – making it more difficult than ever to track breaches and transactions.
As a refresher, Discord is a cloud-based messaging app with over 250+ million active users worldwide. The app became very popular among gamers, who used it to synchronously stream their gameplay, chat with fans and receive donations. Users are also able to set up their own “servers,” either public or private, to chat through text, video or even voice. Late last year, it was reported that hackers modified Discord’s private groups to function like retail shops to sell stolen credit card numbers, breached account credentials and even various types of malware to infect networks.
Telegram is a very similar chat application with more than 200 million users, while OpenBazaar is an open source project used by tens of thousands of people for e-commerce transactions using cryptocurrencies as a medium of exchange. In recent years, GroupSense researchers have observed that Discord and Telegram have had an increase in usage by threat actors.
As of now, GroupSense researchers have also witnessed a pattern of threat actors using OpenBazaar as an alternative when markets on the dark web become unreliable. This is just the beginning of what is to come.
Outlook for 2020
2020 will bring a further decentralization of the dark web. Cloud-based apps like Discord and the proliferation of basic VPNs have reduced the friction of operational security practices for threat actors. Where Tor was once required by threat actors to anonymize their traffic, threat actors can now use new, off-the-shelf technology to rather easily anonymize their traffic. This opens new channels for threat actors to sell stolen PII, credit cards, and other illicit products.
Contact GroupSense to get ahead of the change in the cybercrime economy and mitigate any further digital risk in 2020.