While takedowns of underground markets were still apparent in the third quarter, other underground markets quickly swept in and filled any voids, researchers found in a new report.
With cybercriminal services on the ready, the effectiveness of attackers continues to increase, said researchers in the McAfee Labs Threats Report: December 2018.
During the third quarter, researchers found more activity from the GandCrab ransomware family. Using an affiliate program, demonstrating agile development, and mixing with other cybercrime services such as exploit kits have resulted in a big wave of attacks from this family.
In addition, McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.
In Q3, the Dream, Wall Street, and Olympus markets were in a hunt for market share, until the disappearance of Olympus. In an effort to evade law enforcement and build trust directly with customers, some entrepreneurial cybercriminals have shifted away from using larger markets to sell their goods and have begun creating their own specialized shops, McAfee researchers said in the report.
In addition, on underground forums, there is a strong interest for the leading ransomware-as-a-service families such as GandCrab. Ransomware remains popular, evidenced by 45 percent growth over the last four quarters and strong interest on underground forums for the leading RaaS families like Gandcrab.
These developers are forming strategic partnerships with other essential services, such as crypter services and exploit kits, to better service their customers and increase infection rates, McAfee researchers said.
Along those lines, GandCrab partnered with the new crypter service NTCrypt. This partnership was formed after NTCrypt won a crypter contest launched by the group behind GandCrab. A crypter service provides malware obfuscation to evade antimalware security products.
GandCrab increased its required ransom payment to $2,400 from $1,000. Exploit kits, the delivery vehicles for many cyberattacks, added support for vulnerabilities and ransomware, according to the report.
Researchers found malware led disclosed attack vectors, followed by account hijacking, leaks, unauthorized access, and vulnerabilities.
In addition, McAfee Labs counted 215 publicly disclosed security incidents, a decrease of 12 percent from Q2. Researchers also found 44 perce nt of all publicly disclosed security incidents took place in the Americas, followed by 17 percent in Europe and 13 percent in Asia-Pacific.