May 01, 2024
Rising energy bills, inflation, skyrocketing interest rates: the world continues to suffer from a cost of living and economic crisis. While individuals are feeling the pinch at their supermarkets, with their mortgage rates, and at the petrol pumps, the impact of the global economic downturn and other major events is also being felt by the cybercriminal world. Check out some of our findings on these difficulties in the following blog.
As with anything in life, nothing is predictable. One minute you could be on top of the world, the next, metaphorically—or literally—sifting through the dumpster. Never get too comfortable on top and never get too disheartened on the bottom. We’re getting very close to Forrest Gump territory here, but life is complicated, and you don’t know what is around the corner.
When researching the content for this blog, that’s very much the impression we took from several threads related to budding cybercriminals making their way into the world of cybercrime. We should, however, clarify that it was often hard to distinguish the specific causes of cybercriminals’ financial problems; while there are major economic problems across the globe right now, much of the strife facing Russian-aligned threat actors is likely to do with the ongoing Russia and Ukraine war. There were, however, a number of interesting insights we were able to establish.
In response to a thread on other forum users’ financial lives and histories, several users expressed that the early successes in their cybercriminal lives often felt the most significant. This included making their first 100 from illicit means (currency not stated, likely USD) and purchasing their first bottle of whiskey and cognac. Their financial situation did, however, move in “jumps”: some schemes worked for a period of time, the threat actor was able to make consistent profits, then the method became redundant. At this point, the threat actor was forced to search for another method of achieving financial profits, and identifying new schemes often took time and investment.
With recent sanctions and additional scrutiny on activity originating from Russian entities, it’s likely that many of these cybercriminals have been forced to constantly refine and adapt their techniques, and have therefore had to climb out of that trough again. A good example of this is Google Pay and other financial technologies becoming banned for use across Russia; this led to many scams becoming redundant almost overnight.
One user in the same thread also shared some unique insights related to the ongoing Russia-Ukraine war, which while bringing levels of violence that have been unseen in Europe for many decades, has also resulted in significant financial turmoil across the globe. The price of energy and global supply chains have in particular been impacted by the ongoing conflict in Eastern Europe.
Cybercriminals are also feeling the pinch during these troubling times. In the same thread mentioned above, a user replied that before the conflict they had earned “as much as they liked”, but had subsequently lost their “shadow” earnings; shadow earnings likely relate to cybercriminal work, possibly conducted alongside a regular job. This lack of current earnings was reiterated by other users, who suggested nothing they had tried had worked, and they were “tired of living in poverty”.
For those lucky enough to find shadow work, the prices they could command had reportedly diminished. One user suggested that at one time—likely referencing before the conflict—a user could typically command 500 USD for providing initial access to a targeted network. Within the context of the conversation, it appears the user was suggesting prices had significantly dropped since that time. We’ve written numerous times about the rise of initial access brokers (IABs) and how this type of threat actor has greatly assisted cybercrime; however, it’s possible that the market has become oversaturated with IABs, and prices have lowered as a result.
We previously wrote about the raids conducted by Russia’s Federal Security Service (FSB) on several prominent members of the carding community. Six months later, it appears that the raids may have either kickstarted or coincided with a reduction in overall carding activity. We identified during recent deployments that the sentiment among some cybercriminals was that carding was a diminishing art form, from which it was becoming increasingly difficult to make regular returns. Some users had expressed concerns about the difficulty of receiving up-to-date information on carding activities on forums, while another suggested that they deliberately did not post carding-related information, in order to prevent competitors from gaining an advantage.
A lack of genuine carding data was also a concern for those involved in this type of activity, which often saw duplicated or invalid cards being sold to prospective buyers; a lack of honor amongst thieves, who’d have guessed it? A prediction for the future of carding brought differing opinions; some users stated they had continued success but likely were lucky in their endeavors, while another user suggested that carding would not be profitable in a few years.
It’s quite possible that many cybercriminals have simply moved on to more profitable endeavors, such as supporting ransomware operations. While there is no proven route into the world of cybercrime, carding tends to be conducted by those on the lower end of the spectrum, i.e. script kiddies and criminals without great technical expertise. If it is becoming more difficult to make a sustainable income from carding, it may be harder for budding cybercriminals to establish themselves in this space; it’s hard to get started in any new endeavor if you can’t make enough money to pay the bills.
Cybercriminals are a hardy and adaptable breed. While the current economic and geopolitical conditions may have had an impact in diminishing financial returns, it’s likely that the effects will only be a short-term hindrance. Many types of cybercrime, including ransomware and account takeover, have thrived in the last year, and that will almost certainly continue as we enter the final quarter of 2022. If you’d like to discover further useful insights our team identifies from closed sources, why not sign up for a demo of Search Light (now ReliaQuest GreyMatter Digital Risk Protection)?