Exploring the North American cybercriminal underground

Unlike counterparts in other countries, the North American underground encourages cybercriminal activity amongst novices and seasoned pros alike, according to Trend Micro.


“The high level of sophistication of the services and tools we found in the North American underground allows cybercriminals to thrive across the spectrum of expertise,” said Raimund Genes, CTO, Trend Micro. “With illegal goods and services spanning the physical and virtual realm, ranging from advanced malware to narcotics, this marketplace is of particular concern. As such it is no surprise we’ve seen a concentration of law enforcement activity in the underground which can lead to arrests and prosecution of its users.”

Access to this underground is relatively simple: it can be reached through search engines on the mainstream surface web. Transactions involve several steps that preserve the anonymity of both buyers and sellers through virtual currency and exchanges.


Key findings:

Crimeware: Crimeware is considered essential in any basic underground market, and some forums in the North American market exclusively sell hacking tools.

Crypting services: Arguably the most sought-after crimeware in the underground to date, these service providers check how many security products flag the code “malicious,” and then encrypt malware as many times as it takes to avoid detection.

Credit card credentials, clones and fakes: Cybercriminals most commonly sell information such as credit card credentials. But they are not the only credit-card-related goods found. Clones or copies of stolen credit cards also abound.

Drugs and weapons: Individuals involved in drug-related transactions try to retain anonymity, while the weapons marketplace reveals foreign contacts allowing for delivery outside North America.

The complete report is available here.
