Saturday, September 19, 2020

Trend Micro Releases ‘Digital Souks’

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today at GITEX 2017 released its comprehensive whitepaper, “Digital Souks: A Glimpse into the Middle Eastern and North African Underground,” an in-depth analysis of cybercriminal activities within the region. Prices for malware and hacking tools are generally a bit higher than in other regions. For example, a keylogger in the North American underground runs for USD 1-USD 4, but here it can be up to USD 19. However, the willingness of members to share content for a mutual cause helps balance out the price differences.

The Middle Eastern and North African underground is where culture, ideology, and cybercrime meet. Trend Micro has seen that regional marketplaces closely reflect the societies in which they operate. In this region, this manifests itself in the “spirit of sharing” mindset held by those who operate here, with a feeling of brotherhood and religious alliance that transcends the illicit transactions that occur.

“Still a propagating market, the region is not at par in terms of scale and scope when compared to other regions, but the products and services available remain common and sophisticated,” said Ihab Moawad, Vice President, Trend Micro, Mediterranean, Middle East & Africa. “We now have a heightened awareness of the region, which then allows us to gather and analyze threat intelligence so that we can better help the region strengthen its cyber defenses. Trend Micro will continue to monitor regional marketplaces so we can proactively empower our ecosystem, and offer greater clarity to law enforcement agencies, here in the region, and globally.”

“Also, the prevalence of giving services and malware away for free is interesting. Other underground marketplaces provide support to members, but the extent and willingness in this region is unique,” added Moawad.

The notion of hacking as a service is unique to MENA’s underground because of the ideology that drives its trade. In other marketplaces, such as those in North America or Russia, purveyors mostly focus on selling their wares, and forum participants don’t band together to plan cyberattacks.

Hacktivism, DDoS attacks and website defacements are a staple in this region. The major product categories are malware (27%), fake documents (27%), stolen data (20%), crimeware (13%), weapons (10%), and narcotics (3%).

Crimeware sold includes a variety of cryptors, malware and hacking tools, such as worms (USD 1-USD 12), keyloggers (free-USD 19), known ransomware (USD 30-USD 50), malware builders (free-USD 500), Citadel (FUD) (USD 150), Ninja RAT (FUD) (USD 100), and Havij 1.8 (cracked) for free.

Hosting providers in the region make significant profit by selling regionalized hosting spaces, which allows for local language and time settings in addition to faster connection speeds. A single IP connection and 50 GB of hard disk space, for instance, are sold for USD 50. Smaller plans exist, and start as low as USD 3. To some extent, the price is at par with other underground marketplaces, such as that of China.

Similar to the Russian underground, cashout services also abound here. These are platforms from which physical items, usually stolen, are converted into cash. These services are paid in bankcards, Bitcoins (BTC) or via direct cash transactions.

A unique aspect of cashout services here is how they are used to bypass security mechanisms and legal requirements in the region, such as those in place for the purchase of cell phones and disposable SIM cards.

In the MENA underground, DDoS services can be purchased by hacktivists and threat actors to further their ideology. Private and public organizations are often targeted; however, the service is not as prevalent as is widely believed, and its rarity commands a steep price. The average is USD 45 per hour, with three-hour packages at USD 275, and involves tools such as Low Orbit Ion Cannon (LOIC) or Lizard Stresser.

Malware as a Service (MaaS) typically includes a purveyor, a malware developer selling a single binary or a combination of a binary and builder marketed as fully undetectable (FUD). Average prices are USD 20 for a binary, and USD 30–USD 110 for a binary with C&C infrastructure. A binary-builder package costs around USD 150–USD 400.

Stolen identities are sold in forums across the region. The Arabic forum hack-int in Egypt sells stolen identities for USD 18. The demand for personally identifiable documents is influenced by geopolitical tensions: buyers wanting to flee active war zones, for instance, leverage them to migrate to other countries as refugees. On the other hand, cybercriminals can also purchase fake documents to perpetrate insurance fraud or prove resident status. A daunting real-world implication is a dangerous person buying these fake documents and slipping through to other countries as a refugee.

Furthermore, Virtual Private Networks (VPNs) are a mainstay of cybercriminal activity and are purchased for the anonymity they provide. VPNs offered here are purportedly secure, don’t store logs, and have multiple hop points. Cybercriminals will typically use these servers as either part of a botnet or a jump-off platform for further attacks.

For this research, Trend Micro delineated the MENA underground as marketplaces, websites, and forums hosted within the region. Arabic is the prevalent language, although some sites are in Turkish, Farsi, English, and occasionally French. While criminals sell commodities to and from the Middle East and North Africa, they also operate globally.
