Check Point Research (CPR) is a security firm famous for revealing how WhatsApp's end-to-end encryption can be intercepted and altered in a relatively simple manner.
That same research firm also recently shared how a Nigerian cybercriminal made hundreds of thousands of dollars using common cybercrime tactics.
“Dton”, the cybercriminal, has been active for 7 years and lives in Benin City, Nigeria. Online he poses as Bill Henry and uses phishing, malware attacks and credit card schemes.
Stolen credit card schemes
Dton started out buying credit card details on a dark-web marketplace that specialises in stolen card payment details. He bought the card details for $4-$16 a card and CPR alleges he bought around 1 000 cards at a total cost of US$13 000. Using this method he is estimated to have spent around US$100 000.
Though he made a significant amount from this, CPR says “Dton” got tired of the credit card scheme because he had to spend money upfront and the margins weren’t as high as he wanted.
Multi-level malware marketing
Dton is said to have started buying up the tools of the trade to help him craft malware to spam out to his list of targets. What are these tools? Off-the-shelf packers and crypters, infostealer and keylogger components, along with exploits.
These were used to build custom malware, which he intended to insert in documents he would distribute to large email lists.
CPR reports that this method delivered a lot of user credentials that the cybercriminal could exploit for more money, but it didn’t disclose just how much he and his superiors, who were part of the scheme, made using this method.
From here Dton decided to build his own malware so that he could rid himself of superiors and work for himself.
How does all this come to light?
In building malware to work for himself, Dton is said to have hired two associates: a coder to build the malware and, down the line, another individual behind a specialised malware program. Dton and this individual fell out over pricing, and ultimately Dton reported this other party to Interpol.
Guarding against cybercriminals
“Dton’s journey into cybercrime shows how even a relatively unskilled, and undisciplined individual can profit handsomely from fraud and malicious online activity. This is simply because, like many other criminal activities, cyber-crime is a numbers game. It doesn’t matter if 499 people don’t open a malware-spiked email: the 500th person will. And when you can target hundreds of thousands of people at a time, you only need to infect a handful to get hold of your ill-gotten gain.” - CPR
Check Point recommended that those looking to guard against cyberattacks like the ones described above follow these best practices:
- When shopping online, ensure you are ordering goods from an authentic source. Don’t click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page to avoid having your personal and payment details skimmed.
- Beware of ‘special’ offers. An 80% discount on a new iPhone or “an exclusive cure for Coronavirus for $150” is usually not a reliable or trustworthy opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
- Protect your organization with a holistic, end-to-end cyber architecture to prevent zero-day attacks.