briankrebs,

I hinted at this piece earlier this week, in a rant about the relatively few evil code wizards who are really good at making malware look harmless to security software, and why it makes sense to look at them more closely.

Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

More here:
https://krebsonsecurity.com/2023/06/why-malware-crypting-services-deserve-more-scrutiny/


Sempf,

@briankrebs I did that a few years ago for a social engineering engagement, probably still works. I'll give you a tour if you want.

https://github.com/lockfale/DotNetAVBypass-Master

eccentric_econ,

@briankrebs Really interesting read Brian. Opsec is only as good as its weakest link and it seems like you found several potential slip-ups. Makes me wonder whether LE will (or already do) view the site as a potential honeypot target. Did you notice any indications of a dead-man canary/switch that would tip off customers or co-conspirators?

briankrebs,

@eccentric_econ No, nothing like that.

dave_cochran,

deleted_by_author

briankrebs,

@dave_cochran @hacks4pancakes Well, the funny thing about cybercriminals who've been criming for more than a decade is that, because of the immutable dynamic that everything eventually gets hacked, it's rare that I find a cybercriminal who's been active for more than 10 years who can't be unmasked with a little can-do attitude and a lot of time.

dave_cochran,

deleted_by_author
briankrebs,

@dave_cochran @hacks4pancakes the people working for ransomware crews are most likely going to be working in closed environments, where only work stuff is allowed on work computers, and you don't take it home with you at the end of the day. So, for those folks I would say the likelihood of success compromising them would be far less than most cybercriminals.

But the range of experience runs the gamut. There are tons of novice cybercriminals who inadvertently infect their own machines w/ data stealing malware, and have their own information uploaded to the criminal cloud (and subsequently seized by the FBI).

davep,

@briankrebs Top sleuthing as ever. And as you say, it could be a networking goldmine.
