Cybercriminals scamming each other out of millions

There is no honour amongst thieves or among scammers, with security company Sophos uncovering a sub-economy of ransomware groups scamming each other out of millions of dollars.

An analysis of around 600 scams conducted across three criminal forums found that cybercriminals generated more than $12.5 million by targeting each other with classic scam techniques. These techniques include typosquatting, phishing, backdoored malware and fake marketplaces.

The findings of the investigation were detailed in a new report. For the report, Sophos X-Ops experts investigated Exploit and XSS, two Russian-language cybercrime forums that provide access-as-a-service (AaaS) listings, as well as the English language BreachForums.

Each site has a dedicated arbitration room which cybercriminals use to accuse each other of targeting them in the scams they also unleash on the public.

“While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals, but some of the most prominent ransomware groups,” Sophos Senior Threat Researcher Matt Wixey said.

“And these scams aren’t always just financially motivated. Personal beefs and rivalries were common. We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100.”

The arbitration process left behind volumes of untapped intelligence that security professionals and law enforcement could leverage to better understand and defend against cybercriminal behaviours, the report found.

“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations — something which has been an untapped resource until now,” Wixey said.

“These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims.”

Image credit: iStock.com/anderStock