By Dancho Danchev
Over the past couple of months, I’ve been periodically profiling the monetization tactics applied by novice cybercriminals, a market segment of less technically sophisticated individuals looking for ways to cash out on their fraudulent Web activities.
The rise of this market segment can be contributed to the rise of managed cybercrime-friendly services and DIY tools, allowing everyone an easy entry into the world of cybercrime.
In this post, I’ll profile yet another recently launched cybercrime-friendly E-shop, and emphasize the emergence of these over-the-counter (OTC) trading E-shops.
Sample screenshots of the boutique cybercrime-friendly E-shop:
As you can see in the above screenshot, the novice cybercriminals are currently listing 22 fraudulently obtained items for sale. Selling items including compromised email accounts, compromised FTP accounts and Linux shells, the individual behind this E-shop is actively looking for ways to monetize the fraudulently obtained assets.
What makes an impression in comparison to the previously profiled boutique cybercrime-friendly E-shops, is that all the novice cybercriminals rely on the same E-shop module. This standardization inevitably leads to efficient monetization models, as long as the shop’s owner continues to supply a steady flow of new assets. Which is exactly what I’m not seeing. For instance, the three previously profiled E-shops are now gone, and their authors are no longer advertising their presence at selected cybercrime-friendly communities. Why? Their immature business models, lack of periodic inventory updates, and relatively modest inventories, result in small interest in their underground market propositions.
In comparison, sophisticated cybercriminals rely on affiliate networks, franchise models, market segmentation, price discrimination, and generally avoid monetizing commodity underground items in an attempt to differentiate their underground market proposition and gain more market share, resulting in a recognized and trusted brand name, a respected vendor serving a specific market niche.
We’ll continue monitoring this emerging market segment.