Dark Web Threats

Dark web threats and dark market predictions for 2025

Review of last year’s predictions

We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples. The primary purpose of these tools is to render the code undetectable by security software. In 2024, our expert observations indicate that commercial advertising for these cryptors has indeed gained momentum. Cryptor developers are introducing novel techniques to evade detection by security solutions, incorporating these advances into their malware offerings. Pricing for these tools has remained consistent, ranging from $100 for a monthly subscription to cryptors available on dark web forums to as much as $20,000 for premium private subscriptions. There has been a shift toward the development and distribution of premium private solutions, which are becoming increasingly prevalent compared to public offerings.

“Loader” malware services will continue to evolve

As anticipated, the supply for the “loader” malware family has been constant in 2024. These loaders exhibit a wide range of capabilities, from mass-distributed loaders available at low prices to highly specialized loaders tailored to detailed specifications with prices reaching into the thousands of dollars.

Additionally, threat actors appear to be increasingly using multiple programming languages. For example, the client component of the malware may be developed in C++, while the server-side admin panel is implemented in Go. Along with the wide variety of loader offerings, we have also seen demands for specific functionality tailored to launch a particular infection chain.

Crypto asset draining services will continue to grow on dark web markets

In 2024, we observed a surge in the activity of “drainers” across dark markets. These are malicious tools designed to steal the victim’s crypto assets, such as tokens or NFTs. New drainers emerged throughout the year and were actively promoted on various dark web platforms. In general, the number of unique threads discussing drainers on underground markets increased from 55 in 2022 to 129 in 2024, which is remarkable. At the same time, these posts frequently served as redirects to Telegram.

Black traffic schemes will be very popular on underground markets

In 2024, the popularity of black traffic schemes on underground markets remained constant. Black traffic dealers have maintained their operations by promoting malicious landing pages through deceptive ads. Sales activities for these services remain robust on underground markets, with demand holding steady, further highlighting the effectiveness of mainstream ad delivery platforms for malware distribution. This method continues to be a popular choice for cybercriminals looking to reach a wider audience, posing an ongoing threat to online users.

Evolution and market dynamics of Bitcoin mixers and cleaning services

In 2024, there was no significant increase in the number of services advertising cryptocurrency “cleaning” solutions. The majority of established and popular services have maintained their presence in the market, with little change in the competitive landscape.

Our predictions for 2025

Data breaches through contractors

When abusing company-contractor relationships (trusted relationship attacks), threat actors first infiltrate a supplier’s systems and then gain access to the target organization’s infrastructure or data. In some cases, these attacks result in significant data breaches, such as the case where attackers allegedly accessed Ticketmaster’s Snowflake cloud account by breaching a third-party contractor. Another prominent threat actor employing this tactic was IntelBroker – the actor and their associated gang reportedly breached companies like Nokia, Ford, a number of Cisco customers including Microsoft, and others through third parties.

We expect the number of attacks through contractors that lead to data breaches at major end targets to continue to grow in 2025. Cloud platforms and IT services often store and process corporate data from multiple organizations, so a breach at just one company can open the door to many others. It is worth noting that a breach does not necessarily have to affect critical assets to be destructive. Not every data breach advertisement on the dark web is the result of a genuinely serious incident. Some “offers” may simply be well-marketed material; for example, certain databases may combine publicly available or previously leaked data and present it as breaking news, or simply claim to be a breach for a well-known brand. By creating hype around what is actually old – and probably irrelevant – data, cybercriminals can provoke publicity, generate buzz, and damage the reputation of both the supplier and its customers.

Migration of criminal activity from Telegram to dark web forums

Despite a spike in cybercriminal activity on Telegram in 2024, we expect the shadow community to migrate back to dark web forums. Shadow Telegram channels are increasingly being banned, as noted by their administrators. The return or influx of cybercriminals to dark web forums is expected to intensify competition among these resources. To stand out and attract new audiences, forum operators are likely to start introducing new features and improving conditions for data trading. These may include automated escrow services, streamlined dispute resolution processes, and improved security and anonymity measures.

By monitoring discussions and transactions on dark web forums, companies can gain insight into emerging threats that could impact their networks. For instance, the sale of a zero-day exploit or the exchange of corporate data stolen from a particular company could serve as a warning sign for imminent cyberattacks. Additionally, businesses can use dark web monitoring to identify data leaks or breaches involving their customers, allowing them to take immediate action to mitigate the damage.

Law enforcement agencies will continue to use dark web monitoring as a tool to track down cybercriminals, uncover illicit markets, and dismantle illegal organizations operating on the dark web. As governments and law enforcement agencies grow more proficient in using AI and machine learning to identify criminals, they will increasingly be able to monitor and track the movement of illegal goods and services more efficiently. This could lead to greater accountability in the fight against cybercrime, human trafficking, and the drug trade. However, the increasing effectiveness of dark web monitoring could also lead to concerns about government overreach and the potential for civil rights violations.

Conclusion

As we approach 2025, dark web monitoring will become an increasingly essential tool in combating cybercrime, preventing data breaches, and protecting both businesses and consumers from emerging digital threats. However, the growing sophistication of monitoring systems brings with it significant ethical, privacy, and civil liberty concerns. The challenge moving forward will be to balance the need for security with the protection of individual rights. As technology continues to evolve, dark web monitoring will undoubtedly play a critical role in shaping the future of cybersecurity, but it will require careful consideration of its implications for privacy and the responsible use of collected data.

 