Moawad: Hacktivism, DDoS remain top cyber threats in Mena
Hacking, malware tools more expensive in Mena: study
DUBAI, October 11, 2017
Prices for malware and hacking tools are generally a bit more expensive in Mena than in other regions, a report said, highlighting that a keylogger in the North American underground runs for $1-$4, but here it can be up to $19.
Hacktivism, DDoS (distributed denial-of-service) attacks and website defacements remain a staple in the Mena region, added the new report from Trend Micro, a global leader in cybersecurity solutions, released at the ongoing Gitex Technology Week in Dubai, UAE.
Major primary product categories are, malware: 27 per cent, fake documents 27 per cent, Stolen data 20 per cent, crimeware 13 per cent, weapons 10 per cent, and narcotics 3 per cent, said the whitepaper titled “Digital Souks: A Glimpse into the Middle Eastern and North African Underground,” an in-depth analysis of the cybercriminal activities within the region.
The Mena underground is where culture, ideology, and cybercrime meet, the report said.
Trend Micro has seen that regional marketplaces closely reflect the societies in which they operate. In this region, this facilitates itself in the “spirit of sharing” mindset, held by those that operate here, with a feeling of brotherhood and religious alliance that transcends the illicit transactions that occur, said Ihab Moawad, vice president, Trend Micro, Mediterranean, Middle East & Africa.
“Still a propagating market, the region is not at par in terms of scale and scope when compared to other regions, but the products and services available remain common and sophisticated.
“We now have a heightened awareness of the region, which then allows us to gather and analyze threat intelligence so that we can better help the region strengthen its cyber defences. Trend Micro will continue to monitor regional marketplaces so we can proactively empower our ecosystem, and offer greater clarity to law enforcement agencies, here in the region, and globally.
“Also, the prevalence of giving services and malware away for free is interesting. Other underground marketplaces provide support to members, but the extent and willingness in this region is unique,” added Moawad.
The ideology of hacking as a service is unique to Mena’s underground due to the ideology that drives its trade. In other marketplaces, like in North America or Russia, their purveyors mostly focus on selling their wares and forum participants don’t band together to plan cyberattacks.
Crimeware sold, includes a variety of cryptors, malware and hacking tools, like worm $1-$ 12, keylogger free-$19, known ransomware $30-$ 50, malware builder Free-$ 500, citadel (FUD) $150, ninja RAT (FUD) $100, and Havij 1.8 (Cracked) for Free.
Hosting providers in the region make significant profit by selling regionalized hosting spaces, which allows for local language and time settings in addition to faster connection speeds. A single IP connection and 50GB of hard disk space, for instance, are sold for $50. Smaller plans exist, and start as low as $3. To some extent, the price is at par with other underground marketplaces, such as that of China.
Similar to the Russian underground, cashout services also abound here. These are platforms from which physical items, usually stolen, are converted into cash. These services are paid in bankcards, Bitcoins (BTC) or via direct cash transactions.
A unique aspect of cashout services here is how they are used to bypass security mechanisms and legal requirements in the region, such as those in place for the purchase of cell phones, and disposable SIM cards. In the Mena underground, DDoS services can be purchased by hacktivists and threat actors to further their ideology.
Private and public organizations are often targeted - however the service is not as prevalent as is widely believed, and its rarity commands a steep price. The average is $45 per hour, with three-hour packages at $275, and involves tools such as Low Orbit Ion Cannon (LOIC) or Lizard Stresser.
Malware as a Service (MaaS) typically includes a purveyor, a malware developer selling a single binary or a combination of a binary and builder marketed as fully undetectable (FUD). Average prices are $20 for a binary, and $30–$110 for a binary with C&C infrastructure. A binary-builder package costs around $150–$400.
Stolen identities are sold in forums across the region. The Arabic forum hack-int in Egypt sells stolen identities for $18. The demand for personally identifiable documents is influenced by geopolitical tensions, their buyers wanting to flee active war zones, for instance, leveraging them to migrate to other countries as refugees. On the other hand, cybercriminals can also purchase fake documents to perpetrate insurance fraud or prove resident status. A daunting real-world implication is a dangerous person buying these fake documents, and slipping through to other countries as refugees.
Furthermore, Virtual Private Networks (VPNs) are a mainstay for cybercriminal activity and can be purchased due to the anonymity they provide. VPNs offered here are purportedly secure, don’t store logs, and have multiple hop points. Cybercriminals will typically use these servers as either part of a botnet, or a jump-off platform for further attacks.
For this research, Trend Micro delineated the Mena underground as marketplaces, websites, and forums hosted within the regions. Arabic is the prevalent language, although some sites are in Turkish, Farsi, English, and occasionally French. While criminals sell commodities to and from the Middle East and North Africa, they also operate globally. – TradeArabia News Service