Sophos, a global leader in innovating and delivering cybersecurity solutions as a service, announced the first part of the investigation “The Scammers Who Scam Scammers on Cybercrime Forums”, in which he details how hackers are deceiving each other in multi-million dollar scams and resorting to arbitration to resolve disputes over the scams.
The report also reveals that attackers use classic techniques – some decades old, such as typosquatting (replicating legitimate domains with typos in writing), phishing, backdoor malware and fake marketplaces – to carry out the scams against each other.
For this investigation, Sophos X-Ops experts investigated Exploit and XSS, two Russian-language cybercrime forums that provide Access as a Service (AaaS) lists, and BreachForums, an English-language cybercrime forum and marketplace specializing in breaches. – all of them with dedicated arbitration rooms. Although the resolution processes cause occasional chaos between “plaintiffs and defendants”, with some accused criminals disappearing, this practice of attackers deceiving each other is profitable.
Over a 12-month period, Sophos examined approximately 600 scams that resulted in total losses of more than $2.5 million among cybercriminals – hackers – in these three forums alone – with compensation demands ranging from $2 to $160.000.
“When we investigate cybercriminal scams, we come across an entire sub-economy that includes not just low-level attackers, but some of the most prominent ransomware groups. These scams don't always have purely financial motives; Personal quarrels and rivalries are common. We also found incidents where criminals deceived those who had already deceived them. In one case, we found a fake contest, created by a criminal who wanted revenge on another who tried to trick users into paying $250 to participate in a fake underground forum. The 'winner' of the contest received $100,” commented Matt Wixey, Senior Threat Researcher at Sophos.
