Researchers from Proofpoint, a cybersecurity firm, have unearthed insights behind BlackTDS—a new malware distribution channel in the dark web.
BlackTDS is offering Traffic Distribution System-as-a-service to deploy and distribute malware on clients’ behalf at affordable rates.
Traffic Distribution Systems (TDSs) usually make it possible for cybercriminals to choose their targets based on their geographic locations, software preferences and language settings. They then distribute malware and use it to steal private information or even ask for ransom payments in return for the decrypted data.
A sector of the growing cybercrime-as-a-service market, TDSs possess traffic filtering and direction functions that enable cybercriminals to identify their victims and distribute malware.
As stated in their report, Proofpoint researchers have been keeping tabs on BlackTDS since December 2017 when its adverts first surfaced on the dark web markets. According to the advertisements, BlackTDS offers very affordable rates for its services, with charges ranging from $6 per day, $45 per 10 days to $90 per month.
How BlackTDS Works
The clients provide their own web traffic, malware and/or exploit kits and then the service runs all the processes involved with malware distribution over the period paid for. To distribute the malware, the program uses either social engineering attack techniques or web traffic redirection to exploit kits. The service guarantees to protect its users from detection by researchers and/or sandboxes.
The Proofpoint researchers identified an instance in which BlackTDS was used to launch a pharmaceutical spam campaign in February on behalf of a known threat actor referred to as TA505, which has been linked to the spread of major malware campaigns including Jaff ransomware, the Dridex banking Trojan and Locky ransomware.
In this case, the researchers spotted PDF attachments that contained links tied to a chain in BlackTDS. The links redirected users to a site claiming to sell discounted pharmaceuticals.
Social Engineering Techniques in Malware Distribution
Social engineering simplifies the malware distribution process, as it exploits weaknesses that users of a particular site may have and easily directs the targets to the malware involved. It focuses on certain human behaviors and manipulates the victims into performing actions that help deploy the malware.
An example of its application is when a site tells the user to update their virus protection system and, in the process, the user ends up inadvertently downloading malware. Another commonly used social engineering technique is fake software updates that direct targets to the malware.
Users can protect themselves against social engineering attack techniques by avoiding ads and clickbait no matter how appealing they are. Use of multilayered gateway and endpoint security contributes immensely to preventing these types of attacks.
Exploit Kits in Malware Distribution
The use of exploit kits to distribute malware has declined in the recent past, but their integration with social engineering in BlackTDS may cause their use to rise again.
Exploit kits, usually automated, are commonly fed web traffic diverted from compromised sites. For an exploit kit to work, there must be a landing page to which the web traffic is redirected and where it is scanned for vulnerabilities. If one is found, a malware program is then run.
After successful exploitation of the vulnerability, the exploit kit sends a payload to infect the host device. The payload can be in many forms including ransomware, malware or any other form of attack.
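The two behaviours described above, a multi-hop redirect chain that ends on an exploit-kit landing page and a service that serves researchers and sandboxes something different from what it serves victims, both leave traces in ordinary web proxy logs. The script below is an added example written for this article, not Proofpoint code and not anything taken from BlackTDS itself. It assumes a constructed, simplified tab-separated proxy log (timestamp, client id, User-Agent, Accept-Language, requested URL, status, Location header), reconstructs each client's redirect chain, flags chains with several cross-domain hops, and flags entry URLs whose final destination changes with the client profile. All domains in the sample are placeholders.

```python
"""Reconstruct redirect chains from proxy logs and flag TDS-like behaviour.

Added example for this article; not Proofpoint's or BlackTDS's code.
Log format (constructed, tab-separated):
    timestamp  client_id  user_agent  accept_language  url  status  location
where location is '-' when no Location header was returned.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: three clients fetching placeholder domains.
# clientA (a browser profile) is bounced through two hops to a landing page;
# clientB (a scripted/sandbox-looking profile) hits the same entry URL but is
# sent to a harmless decoy; clientC is an ordinary same-site login redirect.
SAMPLE_LOG = """\
1\tclientA\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://entry.example/p.php?id=1\t302\thttp://hop1.example/go
2\tclientA\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://hop1.example/go\t302\thttp://hop2.example/r
3\tclientA\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://hop2.example/r\t302\thttp://landing.example/index.php
4\tclientA\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://landing.example/index.php\t200\t-
5\tclientB\tpython-requests/2.18\ten-US\thttp://entry.example/p.php?id=1\t302\thttp://decoy.example/
6\tclientB\tpython-requests/2.18\ten-US\thttp://decoy.example/\t200\t-
7\tclientC\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://shop.example/login\t302\thttp://shop.example/account
8\tclientC\tMozilla/5.0 (Windows NT 10.0) Chrome/64\ten-US\thttp://shop.example/account\t200\t-
"""


def parse_log(text):
    """Turn the constructed log text into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, ua, lang, url, status, location = line.split("\t")
        records.append({
            "ts": int(ts), "client": client, "ua": ua, "lang": lang,
            "url": url, "status": int(status),
            "location": None if location == "-" else location,
        })
    return records


def build_chains(records):
    """Group each client's requests into redirect chains.

    A request joins an existing chain when its URL is the Location target
    that the same client was just redirected to; otherwise it starts a chain.
    """
    chains = []
    pending = {}  # (client, url the client is expected to fetch next) -> chain
    for rec in sorted(records, key=lambda r: r["ts"]):
        chain = pending.pop((rec["client"], rec["url"]), None)
        if chain is None:
            chain = []
            chains.append(chain)
        chain.append(rec)
        if 300 <= rec["status"] < 400 and rec["location"]:
            pending[(rec["client"], rec["location"])] = chain
    return chains


def host(url):
    return urlsplit(url).hostname or ""


def cross_domain_hops(chain):
    """Count hops in a chain where the hostname changes."""
    return sum(1 for a, b in zip(chain, chain[1:])
               if host(a["url"]) != host(b["url"]))


def suspicious_chains(chains, min_hops=2):
    """Chains bounced across at least min_hops distinct domains."""
    return [c for c in chains if cross_domain_hops(c) >= min_hops]


def cloaking_candidates(chains):
    """Entry URLs whose final host differs depending on the client profile.

    The profile is (User-Agent, Accept-Language); a TDS that filters
    researchers or sandboxes shows up as one entry URL with several endings.
    """
    finals = defaultdict(set)
    for c in chains:
        profile = (c[0]["ua"], c[0]["lang"])
        finals[c[0]["url"]].add((profile, host(c[-1]["url"])))
    return {entry: sorted(v) for entry, v in finals.items()
            if len({h for _, h in v}) > 1}


if __name__ == "__main__":
    chains = build_chains(parse_log(SAMPLE_LOG))
    for c in suspicious_chains(chains):
        print("multi-hop chain:", " -> ".join(host(r["url"]) for r in c))
    for entry, endings in cloaking_candidates(chains).items():
        print("profile-dependent destination for", entry)
        for (ua, lang), h in endings:
            print(f"    {ua!r} / {lang} -> {h}")
```

On the sample, the browser client's chain is reported as a four-domain bounce and the entry URL is flagged because a scripted User-Agent reaches a different final host than the browser does; the same-site login redirect is left alone. In practice the thresholds and the profile fields would be tuned to the proxy's real log schema.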
Implications of BlackTDS
The service will enable cybercriminals who lack the proper infrastructure—such as servers to handle web traffic—to carry out large-scale cyberattacks as the service will handle the traffic and malware distribution on their behalf.
The ability of BlackTDS to incorporate both social engineering and exploit kits in malware distribution makes it a great threat to cybersecurity as it makes it possible for cybercriminals to identify and interact with users while exploiting their vulnerabilities. As such, this service makes it possible for criminals with little to no hacking experience to propagate cyberattacks.
BlackTDS operates from the dark web, meaning the identities of the cybercriminals will stay hidden.
Ultimately, the service generally makes malware distribution easier and, at the same time, more difficult to detect and prevent.
These kinds of developments in the cybercrime world leave internet users in a helpless position—in fear of being victims of cyberattacks while still hoping for the best.
Every internet user can only be advised to be very careful while online and avoid clicking on any suspicious popups and ads no matter how compelling they may be.