April 18, 2024
The terms cybercriminal and hacker often conjure up images of hooded caricatures à la Mr. Robot’s Elliot Alderson: Elite programmers hastily clacking away to the beat of synthwave at computer terminals behind Matrix- or Outrun-inspired aesthetics. An eternal quest for the elusive:
Sure, these types of figures exist (to an extent—where else would Sam Esmail get his inspiration from?), but in many cases the cybercriminal underground is a lot more familiar than you might be led to believe. Many platforms and products deliberately seek to mirror the user experiences of what the everyday user is used to: It isn’t all proprietary tools and complex terminal commands. There’s an argument to be made that this notion of familiarity can normalize criminal behavior and lower the barrier of entry to the cybercriminal world. And for those already established, forum administrators and malware developers can make sure to retain existing users by offering a well-designed and comfortable user experience while attracting new members along the way.
For decades, Internet forums have existed as centralized platforms where like-minded netizens can gather to discuss any topic under the sun. From Soviet-era car collections to Dungeons & Dragons, there’s a forum for everyone. While many of these topics are innocuous, it should come as no surprise that thousands of forums across the open, deep, and dark web are specifically dedicated to more sinister tradecrafts: Hacking, social engineering, fraud, carding, drugs, you name it.
Basic forum layouts haven’t really changed all too much since they first came into existence. Some dark web forums, like the self-proclaimed “Cyber Security Forum” Torum, look like they’ve jumped straight out of the early 2000s.
Marketplace Discussions section of Torum
This isn’t a coincidence. Many forums on the clear and dark web alike are built on the same open-source software. phpBB and vBulletin, both of which were actually first launched in 2000, spring to mind as two of the more popular ones (note the similarities between Torum (above) and Ars Technica (below)). These technologies offer familiarity, ease of use, and even security: Because they’ve been around for so long, they’ve been stress tested, are typically cheaper, and are easier options than building something brand new. Plus, with new technology comes new vulnerabilities. Tools that have been around for years have had time for many of their vulnerabilities to be identified and fixed.
Battlefront section of the (legitimate) Ars Technica forum
As described in our blog on Nightmare Market’s current state of disarray, user experience (UX) and site performance are key factors in keeping customers happy, establishing loyalty, and maintaining demand. Why fix what isn’t broken?
Even more unconventional forums like Reddit are being emulated by dark web sites in terms of layout, style, and interactions, the main one being Dread. The two even use very similar naming conventions like /d/ (Dread) and /r/ (Reddit) to denote different subforums. These similarities are completely deliberate: If they’re already familiar with Reddit, people who stumble across Dread won’t have to re-learn how the forum works, letting them jump right into it with little to no learning curve.
Layout of Dread (top) vs. Reddit (bottom)
Although, instead of discussing movies, pets, and memes, Dread users are typically seen sharing their favorite dark web markets and complaining that their drug shipments have yet to arrive.
For more on this topic, we discussed the eternal appeal of forums in depth in our recently published three-part blog series Forums are Forever.
In addition to looking similar to their clear web equivalents, many dark web and cybercriminal sites also feature mirrored functionalities. For example, sites like WeLeakData, a criminal forum that specializes in the trade of leaked databases, use the third-party e-commerce platform Shoppy for membership upgrades. On WeLeakData’s Shoppy site, forum users can choose to buy a variety of membership upgrades that give access to exclusive sections of the forum.
WeLeakData membership upgrades for sale on Shoppy
In addition to providing an easy-to-use platform for existing users, this can also be a way for forums to attract new members and capitalize on established userbases. While not inherently criminal, Shoppy is often used in the video game community to buy and sell accounts, items, and hacks. With a significant overlap in the video game/hacking communities, users (especially novices) on cybercriminal platforms would likely be more inclined to use a checkout feature that they are already familiar with.
These parallels of familiarity aren’t just limited to websites either: Mirrors of legitimate business practices are frequently seen in cybercriminal offerings. For example, malware can feature almost identical life cycles to legitimate software. This is particularly important for malware-as-a-service (MaaS) offerings. Beta phases, subscription models, 24/7 live tech support, and an attractive, easy-to-use graphical user interface (GUI) have become the norm in the real world, and are now all ingredients that can make all the difference in determining the success of cybercriminal offerings.
Like we discussed in our blog that covered Black Friday deals on the dark web, cybercriminals have adopted many of the same sales tactics that we’re used to seeing in our everyday lives. Much like on popular e-commerce websites like Amazon, cybercriminals offer Black Friday deals of their own during the shopping season to capitalize on hype and attract buyers, old and new.
BriansClub admin offering Black Friday deals on Telegram
In the professional world, we use out-of-office notices on our work emails to inform colleagues when we go on vacation. But this notion of common courtesy is also used by vendors on cybercriminal forums and marketplaces, and it isn’t limited to the English-language landscape either. “Out of office” notices have been seen posted by Russian-language threat actors on popular criminal forums like Exploit.
Out of office notices on Exploit (Translated from Russian: [Top] “on holiday until 11.09.19, don’t go away” [Bottom] “i’ve returned from my holiday. fresh updates on all fronts. get in touch!”)
For many, cybercrime is a full-time profession after all; even criminals need to take vacation sometimes.
If there’s anything to take away from this blog, it’s that however daunting and foreign the cybercriminal underground may seem, the people behind the keyboard are only human and they’ll act in familiar ways.
While this can mostly be chalked up to human nature, there’s also a sense of deliberateness in the way that the cybercriminal landscape functions. It’s in most cybercriminals’ best interest for platforms like forums and marketplaces to be set up with user friendliness and ease of access in mind. Except for the most exclusive of platforms, how else are administrators and vendors going to build a dedicated following?
Likewise, it should also come as no surprise that many MaaS developers have crafted their products to be attractive to as wide a user base as possible. More happy users equals more revenue. But this also points towards a more unfortunate side of the mirrors of the real world in the cybercriminal underground. By building products and creating platforms that can be used by the most novice of users, cybercriminals are contributing to a lowered barrier of entry into cybercrime.
Want to gain visibility into criminal and fraudulent activity impacting your brand on the deep and dark web? Check out how our SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) platform can help with dark web monitoring.