Everything must go: Cybercriminal forums offer discounts during pandemic

Written by

Countless legitimate businesses are offering discounts or altering their services to turn a profit during the coronavirus pandemic. Cybercriminal forums are no different.

More than 500 posts on forums tracked by cybersecurity company Group-IB have advertised promotional codes and discounts during the pandemic on distributed denial of service (DDoS) attack tools, spamming, and other services.

It’s an example of how the economy for cybercriminal services — worth, according to one estimate, $1.6 billion annually — is adapting to a health crisis that has changed spending habits around the world.

“Due to the current situation in the world, we provide a 20% discount on all our services with a promotional code: COVID-2019 until the end of April,” read one criminal forum posting found by Group-IB, which was originally in Russian. Another post offered customer service around the clock. “The prices are very favorable during the coronavirus epidemic.”

The Group-IB data fits a larger picture. Multiple threat intelligence companies told CyberScoop they were seeing underground forums slash prices or offer free trials to attract customers. That includes a notorious provider of “bulletproof” web-hosting services, which make it easier to distribute spam. The Russian-speaking seller is touting a free week of services, according to Vitali Kremez, who heads research outfit SentinelLabs.

A screenshot of an underground ad for a spamming tool offered for a “special price during COVID-19 situation”

It is not just hacking tools that are on sale. The fruits of those tools’ use, such as stolen credit card data, are also marked down.

“Wary of slowing cybercriminal demand for such data, most of the major dark web vendors began offering steep discounts in the last week of February and the beginning of March,” said Andrei Barysevich, CEO of dark-web intelligence firm Gemini Advisory. “Some discounts reached as high as 30 to 40%.”

Like other types of hackers, cybercriminals have altered their tactics to exploit fears around COVID-19. There hasn’t been a noticeable increase in overall cybercrime, just a jump in pandemic-themed phishing and scamming, according to U.S. and U.K. authorities.

The extent to which law enforcement officials crack down on this shift remains to be seen. U.S. Attorney General William Barr has vowed to make it a priority, and the Department of Justice recently shut down a website peddling COVID-19-related fraud. But prosecutors will struggle to catch every single scammer, making where they spend resources an important decision.

“I don’t think most people realize how much cybercriminal services have become professionalized,” said Allan Liska, a ransomware expert at threat intelligence company Recorded Future. “While they are focused on criminal activity, this is still a nine-to-five-type job for many of these people.”

“Just like other professions, they are having to adapt to fewer potential customers,” Liska added. “But unlike other professions, most of us would be happy to see them go out of business because of COVID-19.”