Coordinated takedowns like this are great to see as the biggest cyber risks companies are facing at the moment are ransomware and data theft. It\’s forums like this where attackers plan the initial phases of their attacks by buying stolen or even leaked credentials and using them to launch bigger, more severe attacks. The takedown of this market will disrupt some criminal activity, but the effects may be short-lived as others will inevitably take their place. Organisations must not get complacent and need to properly map and monitor all digital assets, making sure the company\’s attack surface can be reduced, before company data ends up on forums like this one and is exploited.
The takedown of RaidForums is a massive shakeup for the cybercriminal underground. However, there are other forums emerging in the underground to fill this new void. With RaidForums now offline and the recent takedown of Hydra by the German authorities, we should expect cybercriminals to become much more cautious about where they are sharing information and having conversations.
We could see cybercriminals move to peer-to-peer communications or utilize private chats on encrypted messaging platforms. Long-term, this could potentially hinder the ability to monitor cybercriminal activity by law enforcement and security researchers.
Most cybercriminals are money motivated and strive to profit from selling malicious code and/or services. With the heightened attention on these forums by law enforcement, we could see cybercriminals move to peer-to-peer communications or utilize private chats on encrypted messaging platforms more aggressively. Although moving to these communication platforms is safer for cybercriminals, it is significantly less lucrative than having conversations and advertising on essentially open forums.
Hackers could spin up a forum replacement to RaidForums rather quickly. It would most likely be hosted in a geography that is more difficult for international law enforcement to take action in. There are plenty of countries with non-extradition treaties that don’t care about hacker activity – as long as the hackers don’t attack companies on their own soil.
There was some inclination that this was coming. Since late February, there was chatter on Telegram about a seizure and the forum went down briefly at the end of February. Though the crackdowns on forums like this are beneficial to the community at large — increasing the barrier to entry and the cost of doing business is important for security — cybercriminals will likely react the way they always do: by finding a new home. The Breached Forum began touting itself as the successor to Raid forums weeks ago, and we will likely see many of the users move on to Breached and others. Law enforcement collaboration with cybersecurity practitioners and service providers, like we\’ve seen with various exploit kits, botnets, and hacking groups, continues to be a powerful tool for shutting down large swaths of criminal activity all at once.
Coordinated takedowns like this are great to see as the biggest cyber risks companies are facing at the moment are ransomware and data theft. It\’s forums like this where attackers plan the initial phases of their attacks by buying stolen or even leaked credentials and using them to launch bigger, more severe attacks. The takedown of this market will disrupt some criminal activity, but the effects may be short-lived as others will inevitably take their place. Organisations must not get complacent and need to properly map and monitor all digital assets, making sure the company\’s attack surface can be reduced, before company data ends up on forums like this one and is exploited.
The takedown of RaidForums is a massive shakeup for the cybercriminal underground. However, there are other forums emerging in the underground to fill this new void. With RaidForums now offline and the recent takedown of Hydra by the German authorities, we should expect cybercriminals to become much more cautious about where they are sharing information and having conversations.
We could see cybercriminals move to peer-to-peer communications or utilize private chats on encrypted messaging platforms. Long-term, this could potentially hinder the ability to monitor cybercriminal activity by law enforcement and security researchers.
Most cybercriminals are money motivated and strive to profit from selling malicious code and/or services. With the heightened attention on these forums by law enforcement, we could see cybercriminals move to peer-to-peer communications or utilize private chats on encrypted messaging platforms more aggressively. Although moving to these communication platforms is safer for cybercriminals, it is significantly less lucrative than having conversations and advertising on essentially open forums.
Hackers could spin up a forum replacement to RaidForums rather quickly. It would most likely be hosted in a geography that is more difficult for international law enforcement to take action in. There are plenty of countries with non-extradition treaties that don’t care about hacker activity – as long as the hackers don’t attack companies on their own soil.
There was some inclination that this was coming. Since late February, there was chatter on Telegram about a seizure and the forum went down briefly at the end of February. Though the crackdowns on forums like this are beneficial to the community at large — increasing the barrier to entry and the cost of doing business is important for security — cybercriminals will likely react the way they always do: by finding a new home. The Breached Forum began touting itself as the successor to Raid forums weeks ago, and we will likely see many of the users move on to Breached and others. Law enforcement collaboration with cybersecurity practitioners and service providers, like we\’ve seen with various exploit kits, botnets, and hacking groups, continues to be a powerful tool for shutting down large swaths of criminal activity all at once.