Trend Micro Incorporated today, at GITEX 2017, released its comprehensive whitepaper, “Digital Souks: A Glimpse into the Middle Eastern and North African Underground,” detailing criminal activities within the underground of this region. Prices for malware and hacking tools are generally a bit higher than in other regions. For example, a keylogger in the North American underground sells for USD 1-USD 4, but here it can cost up to USD 19. However, the willingness of members to share content for a mutual cause helps balance out the price differences.
The Middle Eastern and North African underground is where culture, ideology, and cybercrime meet. Trend Micro has seen that regional marketplaces closely reflect the societies in which they operate. In this region, this manifests itself in the “spirit of sharing” mindset held by those who operate here, with a feeling of brotherhood and religious alliance that transcends the illicit transactions that occur.
“Still a propagating market, the region is not at par in terms of scale and scope when compared to other regions, but the products and services available remain common and sophisticated,” said Ihab Moawad, Vice President, Trend Micro, Mediterranean, Middle East & Africa. “We now have a heightened awareness of the region, which then allows us to gather and analyze threat intelligence so that we can better help the region strengthen its cyber defenses. Trend Micro will continue to monitor regional marketplaces so we can proactively empower our ecosystem, and offer greater clarity to law enforcement agencies, here in the region, and globally.”
“Also, the prevalence of giving services and malware away for free is interesting. Other underground marketplaces provide support to members, but the extent and willingness in this region is unique,” added Moawad.
Hacking as a service is unique to MENA’s underground because of the ideology that drives its trade. In other marketplaces, such as those in North America or Russia, purveyors mostly focus on selling their wares, and forum participants don’t band together to plan cyberattacks.
Hacktivism, DDoS attacks and website defacements are a staple in this region. These tactics are often carried out by members who express ideological distrust toward Western countries, as well as local governments. The major product categories are malware (27 percent), fake documents (27 percent), stolen data (20 percent), crimeware (13 percent), weapons (10 percent), and narcotics (3 percent).
Crimeware sold includes a variety of cryptors, malware and hacking tools. Listed prices include: worm, USD 1-USD 12; keylogger, free-USD 19; known ransomware, USD 30-USD 50; malware builder, free-USD 500; Citadel (FUD), USD 150; Ninja RAT (FUD), USD 100; and Havij 1.8 (cracked), free.
Hosting providers in the region make significant profit by selling regionalized hosting spaces, which allow for local language and time settings in addition to faster connection speeds. A single IP connection and 50 GB of hard disk space, for instance, are sold for USD 50. Smaller plans exist and start as low as USD 3. To some extent, the price is on par with that of other underground marketplaces, such as China's.