The dynamics of the dark web are changing, and not in a good way. It’s now easier than ever for any individual – even those with minimal security or IT background – to sell or buy services on the dark web and become a successful cybercriminal.
GroupSense researchers recently found posters on the dark web promoting designer websites and darknet services that make it much easier for even an average internet user to participate in cybercriminal activities without leaving a digital trail.
This “commercialization” of the dark web is bad news for both companies and individuals because it increases the number of people able to perform cyberattacks. To better explain how this commercialization works, let’s take a look at two examples.
The “Phishing Factory” is a site that offers a phishing service in exchange for Bitcoin. The owner of the site creates pages and scripts for only 100 euros and hosts phishing pages for 20 euros per month. To subscribe to the service, all someone needs to do is give their email and a URL to a page that they’d like to use to phish information. It’s as simple (and as scary) as that.
Figure 1: The page offering phishing-as-a-service
The possibilities for using a service like this are endless, giving dark web users the ability to easily create phishing URLs that lead to fake sites targeting banks, medical offices, security companies and other organizations. This means we’ve gone from a place where individual threat actors actively look to steal information for their own personal gain to one where threat actors sell their services to enable others’ malicious activities. In essence, they’ve gone from mining for gold to selling picks and shovels to new gold miners.
OrderBot is another new service on the dark web, identified by GroupSense researchers, that allows vendors to sell their services and products through the Telegram app. OrderBot uses a web server to host the Telegram bot, and, according to the OrderBot poster we found (shown below), the cybercriminals behind OrderBot claim they are not able to access any personally identifiable information or see who or what is selling the items. Instead, the bot acts as an intermediary between the seller and the buyer. The only information OrderBot claims to retain is nicknames and Litecoin wallet addresses.
Figure 2: The first part of the information on the OrderBot service
OrderBot charges the parties involved a 1% commission and then forwards the payments to the buyer. To begin the sales process, the only thing customers need to do is add OrderBot on Telegram and let the bot know the nickname of the buyer. Sellers simply need to sign up to use OrderBot and then provide detailed information to their customers regarding how to reach them on Telegram. The transactions are all done on the dark web through Litecoin instead of the normal Bitcoin currency.
Figure 3: More information on the OrderBot service
Even more disturbing is the fact that OrderBot includes disclaimers for sellers, so they cannot be held accountable. Of course, this is outside of the law either way.
The OrderBot example demonstrates an increase in dark web posters attempting to differentiate cybercriminal services by offering unique branding, a set of rules and guidelines for interested parties to follow, and a nice stream of cash from daily business.
Figure 4: The last of the information on the OrderBot service
Where is the Dark Web Market Headed?
This trend of decentralized markets is becoming more common on the dark web, especially with the instability of current dark web markets. You can read more about the disappearances of dark web markets in our Darknet Drama blog post.
Also, now that there is increased competition, threat actors need to find new ways to market their services and products, hence the increased attention to design and proper guidelines. With threat actors offering services that “dumb down” cybercrime, we can possibly expect the population of cybercriminals to grow. For example, an unhappy employee or even a vengeful partner with no notable technical skills can easily access the dark web and target a company with their insider knowledge.
Here at GroupSense, we monitor the dark web for security breaches and can help prevent insiders from hurting a company’s reputation through exposed data. To learn more about our unique approach to threat intelligence, schedule a meeting with a GroupSense team member to see how we can help you identify your digital risk.