Close on the heels of the announcement that a major outlet for stolen card data was closing its doors following actions from Law Enforcement, another falls. It has been announced this week that the dark web card bazaar, ValidCC, was abruptly closed after Law Enforcement confiscated the infrastructure.
The cybercrime group believed to be behind ValidCC was reported to have been responsible for the theft of card data from 700 eCommerce websites in 2020. The group has also been linked to the increasing trend in third-party service provider breaches ("supply chain attacks") where the card skimming malware was spread to countless online stores across Europe, Asia, and The Americas.
This recent action is a major blow to the criminal world with hundreds of thousands of unsold payment card data seized and thousands of users losing significant amounts of virtual currency held within the platform.
2021 has seen several good news stories in the fight against cybercrime, with Law Enforcement agencies across the Globe reporting successful actions. Does this mark an end to card data theft? Is Law Enforcement finally turning the tables on the cybercriminals?
The answer to both these questions is unfortunately "NO!" There are plenty of other underground carding bazaars that will quickly move in and service the customers ValidCC and JokerStash. Despite the takedown of two major carding sites, the trading of stolen payment card and other personal data has not seen any drop, in fact, security researchers are seeing an increase in volumes. Whilst the recent actions of Law Enforcement should be commended and seen as a positive step. Seizing servers and domain names is nothing more than an inconvenience to the cybercriminal gangs. Unless the individuals behind such websites are taken down, they will simply find another outlet though with to trade, setting Law Enforcement back to Square One! Such is the enormous challenge faced by those who seek to bring an end to cybercrime.
So long as we rely ever more on eCommerce retail, and it remains easier to set up and trade online than it is to secure such environments. This type of crime will continue to be low risk and high reward, making it a very lucrative prospect. It is the responsibility of all of us who make use of the World Wide Web, both as consumers and for business, to ensure we are securing the data the criminals seek.
If you own or run a website that accepts, stores, or processes valuable data, such as payment card or personal information, and would like advice or guidance on securing your environment, please contact 3B Data Security.
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.