An expanding network of cybercrime marketplaces is making it easier than ever to become a professional fraudster, posing unprecedented cybersecurity threats worldwide, experts warn.
Cybercriminals are often portrayed in popular media as rogue and highly skilled individuals, wielding coding and hacking abilities from a dimly lit room. But such stereotypes are becoming outdated.
“Looking back to the 1990s and early 2000s, you needed to have a reasonable level of technical competence to pull off these types of crimes,” Nicholas Court, assistant director of Interpol’s Financial Crime and Anti-Corruption Centre, tells CNBC.
Today, the barriers to entry have come down “quite significantly,” Court said. For example, obtaining personal data, such as email addresses, and sending them spam messages en masse — one of the oldest online scams in the book — has never been easier.
Cybersecurity experts say the change is due to advances in scam technology and the growth of organized online markets where cybercrime expertise and resources are bought and sold.
A growing cybercrime economy
“The last decade or so has seen an evolution of rogue cybercriminals into organized groups and networks all of which are part of a thriving underground economy,” said Tony Burnside, vice president and head of Asia-Pacific at Netskope, a cloud security company.
Driving that trend has been the emergence of global underground markets that offer “cybercrime-as-a-service” or “CaaS,” through which vendors charge customers for different types of malicious tools and cybercrime services, he added.
Examples of CaaS include ransomware and hacking tools, botnets for rent, stolen data, and anything else that may aid cybercriminals in their illicit activities.
“The availability of these services certainly helps in enabling more cybercriminals, allowing them to scale up and sophisticate their crime while reducing the technical expertise required,” Burnside said.
CaaS is often hosted on markets in the “darknet” — a part of the internet that uses encryption technology to protect the anonymity of users.
Examples include Abacus Market, Torzon Market and Styx, though the top markets often change as authorities shut them down and new ones emerge.
Burnside adds that the criminal gangs operating CaaS services and markets have begun to operate like “legitimate organizations in their structure and processes.”
Meanwhile, vendors on these illicit exchanges tend to accept payments only in cryptocurrency in attempts to remain anonymous, obscure proceeds and evade detection.
Silk Road, an infamous dark web marketplace that was shut down by law enforcement in 2013, is recognized by many as one of the earliest large-scale applications of cryptocurrency.
Darknet emerges from shadows
Though the use of cryptocurrencies in the cybercrime market can help obscure the identities of participants, it can also make their activities more traceable on the blockchain, according to Chainalysis, a blockchain research firm that traces illicit crypto transactions.
According to Chainalysis data, while darknet markets remain a major factor in the global cybercrime ecosystem, more activity is moving to the public internet and secure messaging services like Telegram.
The largest of those marketplaces identified by Chainalysis is Huione Guarantee — a platform affiliated with Cambodian conglomerate Huione Group — which the firm says acts as a “one-stop shop for nearly every form of cybercrime.”
The Chinese-language platform operates as a peer-to-peer marketplace where vendors offer services Chainalysis says are linked to illicit activity like money laundering and crypto-based scams.
Vendors pay to advertise on the Huione website, often directing interested parties into private Telegram groups. If a sale is made, Huione appears to act as an escrow and dispute intermediary to “guarantee” the exchange.
Chainalysis data shows that vendors on Huione Guarantee have processed a staggering $70 billion in crypto transactions since 2021. Meanwhile, Elliptic, another blockchain analytics firm, estimates that Huione Group entities have received at least $89 billion in crypto assets, making it “the largest ever illicit online marketplace.”
The platform advertises and directs potential buyers to vendor groups on Telegram that offer everything from scam technology and money laundering to escort services and illicit goods.
Judging from the scale and volume of the transactions on Huione Guarantee, it is likely leveraged by numerous organized criminal groups, according to Andrew Fierman, head of national security intelligence at Chainalysis.
However, he adds that the many services don’t cost much money, providing a low barrier to entry and access point into cybercrime for “anyone with internet connection.”
According to Chainalysis, individuals looking to facilitate “romance” or investment scams may be able to purchase the necessary tools and services on Huione for just a couple of hundred dollars. Costs can reach thousands of dollars, depending on the level of complexity they are looking to execute.
Investing or romance scams involve a fraudster building a relationship with a victim via social media or dating apps, intending to con them out of money through a sham investment opportunity.
A scammer attempting to pull off this type of scam might shop Huione Guarantee for a portfolio of potential victims’ data, such as phone numbers; old social media accounts that appear to be from real people; and AI-powered facial and voice manipulation software, which can be used by a scammer to digitally disguise themselves.
Other goods and services found on the site include fake investment and gambling platforms that scammers try to trick victims into depositing funds on.
In a disclaimer on its website, the platform says it does not participate in or understand its customers’ specific businesses and is responsible only for guaranteeing payments between buyers and sellers, according to a CNBC translation of the Chinese-language statement.
According to Fierman, Huione Guarantee’s activity appears to be concentrated in Cambodia and China, but there’s evidence that other platforms are emerging.
‘Child’s play’
As CaaS and cybercrime markets continue to grow, the technology that is offered and leveraged by criminal vendors has also advanced, allowing more sophisticated scams at scale — with less effort, experts say.
AI-generated deepfake videos and voice cloning are looking increasingly real, with previously infeasible attacks now realistic thanks to generative AI advancements, according to Kim-Hock Leow, Asia CEO of cybersecurity company Wizlynx Group.
Last year, Hong Kong police reported that a finance worker at a multinational firm had been tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call.
“This would have been completely impossible to pull off just a few years ago, even for criminals with technical skills, and now it is a viable attack even for those without,” added Netskope’s Burnside.
Meanwhile, cybersecurity experts told CNBC that AI tools can be used to enhance phishing and social engineering scams, helping to write more personalized and human-like messages.
“It has become child’s play to create really convincing fake emails, audio notes, images or videos designed to scam and trick victims,” said Burnside, noting that dark variants of legitimate generative AI tools continue to find their way into dark markets.
Prevention efforts
Because of the global and anonymous nature of CaaS vendors and cybercrime marketplaces, they are very difficult to police, cybersecurity experts told CNBC, noting that markets that are shut down often resurface under different names or are replaced.
For that reason, Interpol’s Nicholas Court says cybercrime isn’t the type of activity “you can arrest your way out of.”
“The volume of criminality is going up so fast that it is actually harder for law enforcement to catch the same proportion of cybercriminals,” he said, adding that this calls for a significant focus on prevention and public awareness campaigns to warn about the rapid sophistication of scams and AI tools.
“Almost everybody receives scam messages these days. While it used to be enough to tell people not to send money to someone that refuses to video call, that’s not enough anymore.”
On the enterprise level, Wizlynx Group’s Leow says that as cybercriminals become more tech- and AI-savvy, so must companies’ cybersecurity protocols.
For example, AI tools can be used to help automate security systems on the enterprise level, lowering the threshold for detection and accelerating response times, he added.
Meanwhile, new tools are emerging, such as “dark web monitoring,” which can track cybercrime markets and underground forums for leaked or stolen data, including credentials, financial data, and intellectual property.
It’s “never been easier” to commit cybercrime, so it’s crucial to prioritize cybersecurity by investing in technological solutions and enhancing employee awareness, Leow said.