Both established markets and emerging vendors on the Dark Web have been actively promoting fresh inventory and steep discounts for holiday sales, including Black Friday and Cyber Monday.
Holiday Sales on the Dark Web
- Holiday sales, including Black Friday and Cyber Monday, are aggressively promoted by criminal sellers on the Dark Web seeking to grow sales and customers.
- The expected outcome of greater inventory at a lower cost, as we have seen in prior years, is an increase in fraud activity and cyberattacks heading into the end of the calendar year.
- Companies across sectors – from financial services to e-commerce to hospitality and more – should evaluate their exposure on the digital “underground” and consider deploying proactive strategies to detect and thwart these threats.
Holiday sales aren't limited to legitimate businesses
Carding shops offer bulk sales on compromised payment card data
Carding shops are underground marketplaces that traffic in compromised payment card data. These marketplaces facilitate the movement of compromised payment card data from hackers to fraudsters, often across faraway geographies. The following are actual screenshots of popular underground carding shops promoting Black Friday deals:
Account markets offer discounts on data hacked from victims
Another popular category in the underground is account markets. Account markets are e-commerce shops that offer data hacked from victims around the world. The types of compromised accounts that are commonly available and most popular on account markets are financial (bank, investments, brokerage), e-commerce, online payments, dating sites, mobile / telecommunications, social media, and email. Cybercriminals, hackers, and fraudsters purchase the account data in order to access the victims’ accounts and exploit them in various ways. The following is a screenshot of a popular account market offering a 50% discount on Black Friday:
Even illicit services are offered at a discount
One of the most important links in the chain of e-commerce fraud is the “mule”. Mules are “front men” used by fraudsters to receive packages purchased online using stolen payment cards. There are many operators of mule networks offering their services on the Dark Web. Not surprisingly, these operators have prepared for Black Friday and Cyber Monday, mainly by increasing mule capacity to satisfy the high demand during the holiday shopping.
Just like in the big box stores, technical tools for illicit activity are also on sale
The digital underground is home to countless providers of technical tools and services – malware, exploit kits, phishing kits, and virtual private servers, to name a few - to other fraudsters and cybercriminals. “Anti-Detect” tools are also widely available on the underground. An “anti-detect” tool enables cybercriminals to effectively emulate a victim’s device and browser and defeat “fingerprinting” controls deployed by companies fighting cybercrime. The number and popularity of such tools has grown substantially starting in 2018. For Black Friday, the vendor of the leading anti-detect tool offers a 25% discount on several subscription packages:
Institutions need to be proactive to detect and thwart cyber threats early
The holiday season is often marked by increased fraud activity and cyberattacks targeting companies across sectors and geographies. Recognizing the intelligence value of the digital underground, companies should take steps to quickly assess their exposure across the Dark Web, Deep Web, and beyond.
Such analysis can help answer questions such as:
- Are we being targeted?
- What tools and tactics are our adversaries using?
- What data or access has already been compromised?
- What can we learn from peer companies?
Additionally, companies should consider deploying more proactive strategies to detect and thwart fraud and cyber threats early, for example, flagging compromised payment cards promoted on the Dark Web as part of Black Friday deals.