WEBINAR | From Deal to Defense: Unifying Cybersecurity Post-M&A
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
March 15, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
In the world of “what could have been,” the cybercriminal marketplace market[.]ms would be a leader in the cybercriminal underground. Market[.]ms offered threat actors streamlined, automated trading of a range of illicit goods, including malware, stolen accounts, and fraudulent documents. Instead, on December 3, 2019, the news that market[.]ms had closed due to a lack of profit rocked the cybercriminal community. One former user bemoaned its departure, saying, “What a shame, the service was decent and the best of its kind.”
In June 2018, Digital Shadows blogged about the appearance of market[.]ms. Back then, several factors suggested that the site was destined for success:
The closure announcement was largely unexpected. Market[.]ms lowered commissions for using the site’s escrow service, depositing money, and withdrawing funds in July 2019 (which could indicate a platform struggling financially). In September 2019, market[.]ms introduced a Tor domain (adding to the burden of resources to be paid for and maintained but in no way suggesting an imminent closure).
While it may be challenging to assess what went wrong for market[.]ms conclusively, this blog examines some potential reasons behind its demise, as well as looking at the extraordinary professionalism market[.]ms displayed throughout its journey.
Market[.]ms homepage at the time of its official launch
Current and former members of the forum team at Exploit, arguably the most high-profile Russian-language cybercriminal forum, established market[.]ms in a pre-alpha working stage in January 2015. Its founders included Exploit’s former administrator, who now runs the increasingly prestigious cybercriminal forum XSS (the market[.]ms URL now redirects to the XSS homepage). Several stages of development followed:
The site opened officially in February 2018, accompanied by advertisements on prominent cybercriminal platforms.
Market[.]ms advertisement on Exploit
The website described itself as an “automated safe trading platform” and promoted its high security levels, simple interface, and escrow-guaranteed trading to distinguish itself from competitors.
A May 2018 mass broadcast Jabber message on the exploit[.]im server described market[.]ms as “a marketplace for a new generation” and highlighted its unusual model that offered three different transaction types:
Market[.]ms messaging about transaction types at the time of its official launch
Much of market[.]ms’s advertising material focused on its security features:
On December 3, 2019, the user who had promoted market[.]ms on Exploit posted in their long-standing Exploit thread dedicated to market[.]ms to announce that the site had closed. Their post stated that the reason for the closure was “a lack of financial profits.” They explained that the site had experienced “years of losses,” never once making a profit, and had existed only on “personal donations.”
Announcement of market[.]ms closure
One noteworthy aspect of this announcement was the professional manner in which market[.]ms’s administrators intended to close the site down. The Exploit post detailed several steps that would be taken to ensure the marketplace would shut down with as little harm or inconvenience to its users as possible:
The professional way in which market[.]ms exited the scene echoed its beginnings, with the site existing in a development stage for years before being released publicly.
Market[.]ms goods listing
The signals regarding market[.]ms’s condition were mixed; this case emphasizes the fickle nature of cybercriminal platforms and the difficulty in predicting the development of the scene.
On the one hand, market[.]ms had an excellent pedigree and showed no signs of an imminent exit.
On the other hand, subtle signals have been discernible for some time.
While it may be impossible to read the tea-leaves of the cybercriminal scene accurately enough to foresee such high-profile disappearances, market[.]ms’s closure highlights the continued unpredictability of the cybercriminal scene. It is yet another example of a failed marketplace (marketplaces have failed to establish themselves since the disappearance of DreamMarket and Wall St earlier this year). It emphasizes the unchanging nature of the Russian-language cybercriminal scene, in which a site with the best possible credentials cannot take a share of the market.