WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 18, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
It is often said that old dogs have a hard time learning new tricks, yet researchers have claimed that because adult dogs can focus longer, they adapt to a changing environment faster and can more easily learn new skills. While it may be tempting to discount the “old dog” English-language cybercriminal forum Nulled in terms of innovation, this site has recently displayed a whole range of new “tricks.” Since the beginning of the year, Nulled has recruited new staff, created–and then pulled–a forum app, organized a Counter-Strike: Global Offensive (CS:GO) tournament, and launched its own streaming service. Let’s take a look at these innovations and what they tell us about the evolution of Nulled.
Nulled first appeared in January 2015, so named because, at that time, cybercriminals referred to cracked scripts and forum engine add-ons as “nulled” rather than “cracked.” Nulled has since expanded to cover a wide variety of topics, including databases, credentials, gaming, movies, pentesting, social engineering, and cryptocurrencies. Nulled has never attracted the same hype within the cybercriminal community as more prominent English-language platforms such as RaidForums. Keeping a low profile may have been an intentional strategy on the part of the Nulled administration team to avoid potentially damaging attention: In the past, Nulled has distanced itself from cybercrime reported in the media. In December 2019, for example, reports alleged that Nulled members had hacked RingCam devices, taped themselves harassing the device owners, and included the recordings in a podcast called NulledCast. Nulled’s administrator was quick to dismiss any affiliation with NulledCast and ban the involved users.
Nulled’s slow and steady, drama-free approach has resulted in a gradual increase in membership. Nulled had attracted 1 million members by 11 Aug 2017, reaching almost 2.9 million members in July 2020. Nulled’s traffic rank over the past 90 days shows that Nulled has experienced a significant increase in user traffic since the beginning of the COVID-19 (aka coronavirus) pandemic. Digital Shadows (now ReliaQuest) has observed other cybercriminal forums with similar coronavirus-related growth spurts. These huge increases may have been driven by those feeling the pinch turning to cybercrime as world economies suffer or individuals exploring the criminal underground during their lockdown-induced increased time at home. Nulled’s slew of new updates may have been the administration team’s attempt to capitalize on the site’s current COVID-19-related traction.
In its early days, Nulled hired new forum staff when existing staff retired or decided to leave the forum. Usually, only one new staff member would be hired at any one time. On 16 Feb 2017, for instance, Nulled moderator “Oxide” announced that several staff members had decided to leave the forum due to “personal reasons,” leaving them as the only forum moderator. Oxide advertised for one new Trial Moderator to “help maintain peace on the forum.”
However, in Nulled’s most recent job vacancy announcement on 19 Apr 2020, forum administrator “Bleach” called for two new Trials Moderators to help the forum cope with the rapid growth experienced during COVID-19. Almost two months later, when the names of the new staff members were announced, it was revealed that the site had hired three new moderators rather than two, indicating the forum’s commitment to Bleach’s assertion that the new staff members would help the site “grow even more.”
On 20 Mar 2020, Bleach announced that a trusted forum member would host an official Nulled CS:GO tournament, where 80 forum members with VIP accounts would be able to participate. This ostensibly run-of-the-mill gaming tournament held a more profound significance, though: This was the forum’s first gaming competition and the first time a trusted member–rather than forum staff–had organized a contest.
On 03 Jun 2020, a respected forum member announced the launch of a free, non-profit, self-developed streaming service called “NulledFlix”. This is the first time Digital Shadows (now ReliaQuest) has recorded an exclusive streaming service created by and for forum members in the English-language cybercriminal scene. According to NulledFlix’s creator, the service would stream movies and TV shows and offer a live-chat function so users could converse during the live streams. They added that while initially, only Nulled staff would organize streams, other trusted members would be able to create live-streams in the near future.
The CS:GO tournament and NulledFlix streaming service may represent additional strategies for maintaining the forum’s growth. Allowing non-staff members to organize social activities and services for the rest of the forum likely creates a more engaging, interactive platform that will, in turn, attract more users. Organizing fun activities that do not require advanced hacking skills may indicate Nulled’s awareness that many of its new members, especially those who joined during the pandemic, are likely to be young individuals with low-level skills. These users may be more likely to participate in forums that actively provide a platform for such “easy-going” activities.
In late March 2020, one Nulled user announced that, with the blessing of both Nulled’s administrator and owner, they were developing an app for the forum. The user opined that “Nulled has always been lacking something for the mobile users. The mobile UI was hard to use as it was designed with desktop in mind. Nulled Mobile App is the solution to this.”
Their most recent updates on the app project indicated that the developer had created the app’s user interface. These posts also discussed the possibility of adding an in-built VPN for increased security. However, the app adventure abruptly ended when the developer suddenly got banned from the forum for unknown reasons, and the project was abandoned entirely. Before this, other forum members had expressed doubts about the app, saying that Nulled could easily be accessed on mobile devices using a shortened URL link.
Despite the ultimate failure to launch an app for Nulled, the project suggests the Nulled administration team’s willingness to consider expanding the forum’s reach into other platforms and make the forum as accessible and easy to use as possible.
The English-language cybercriminal landscape has proven to be difficult for forums to conquer, as discussed in our recent blog on the demise of Torigon forum. In that blog, we established three critical factors for forum survival:
Nulled’s historical changes and updates, as well as its recent “new tricks,” have meant that the site had met each of these requirements, ensuring its continued stability and relative longevity in the English-language scene.
Nulled’s administration team stated that Nulled “never was created for us or anyone else to make money, as it was and will always be for fun, and for people to share both knowledge and science.” This has been evident in the activities that have been organized on the forum over the years. In the beginning, when Nulled users focused more on straightforward “cracking” content, the site organized more skills-based competitions and awards, such as a SQLi challenge. In recent months and years, though, the site has offered “easier” challenges, such as Member of the Month awards, FIFA 2018 World Cup betting games, and the recent CS:GO tournament. This change suggests that Nulled has managed to read the audience it attracts and adapts its services and activities accordingly to differentiate itself from its competition.
Nulled’s administration team has consistently ensured that they have enough staff at any given time, and only sought trusted members to fill the vacant roles and help with the daily forum processes.
This dedicated team likely helps Nulled’s staff quickly regulate malicious behavior on the forum. Twice during 2018, for instance, a forum administrator explicitly warned forum users against potential impersonators and an increase in triangulation scams on the forum, detailing how users could recognize and avoid such behavior. The administration team has also introduced numerous updates to improve user experience and increase user security, such as new features, new VIP upgrade options, and statistics on top-ranked users.
Nulled’s staff acknowledged the danger of being targeted by threat actors early on: They stated, “as we are a community that’s obviously not loved by everyone”, Nulled might be targeted with “daily DDoS attacks which require us to have substantial power to resist.”
Although Nulled has not publicly announced protection measures other than those commonly used by many cybercriminal forums, Nulled’s existence has mostly been stable. Apart from the occasional, short-lived downtimes that most forums suffer from, it does not appear to have been offline for a significant amount of time or suffered from any larger, targeted attacks. Nulled’s low-profile strategy may have helped with this and mostly kept it away from the prying eyes of potential competitors and other threat actors.
Nulled’s innovations have continued into July. At the beginning of the month, Nulled suddenly removed its Cracking section, implemented stricter rules for what users can share in its Combo-list section, and added a “reworked” Pentesting section. The reasoning behind these changes has not been publicly disclosed on the site. It might be a reaction to comments about Nulled being advertised as a place to “get free accounts.” There is also unconfirmed gossip circulating that Nulled’s owner recently sold the forum to an unnamed Chinese threat actor; these latest changes may represent the first steps in the new regime. At this rate, we will continue to witness Nulled’s speedy evolution into the second half of 2020, with at least as many changes on the forum as in the first half.