credit cards - X-Industry - Red Sky Alliance2024-03-28T21:53:04Zhttps://redskyalliance.org/xindustry/feed/tag/credit+cardsStatus of the CyberCrime Undergroundhttps://redskyalliance.org/xindustry/status-of-the-cybercrime-underground2023-06-24T12:50:00.000Z2023-06-24T12:50:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12125871256,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12125871256,RESIZE_400x{{/staticFileLink}}" alt="12125871256?profile=RESIZE_400x" width="250" /></a>Earlier this year, threat researchers at Cybersixgill released the annual report, <u>The State of the Cybercrime Underground</u>. </p>
<p><a href="https://cybersixgill.com/resources/the-state-of-the-underground-2023">https://cybersixgill.com/resources/the-state-of-the-underground-2023</a> </p>
<p>The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age and how organizations can adapt to reduce risk and maintain business resilience. This article summarizes a few of the report's findings, including trends in credit card fraud, observations about cryptocurrency, AI developments and how they are lowering barriers to entry to cybercrime, and the rise of “Cybercrime as-a-Service" (CaaS) activities.<a href="#_ftn1">[1]</a></p>
<p>Credit card fraud is (mostly) on the Decline - Credit card fraud has been a common and frequent threat used by underground cybercriminals for many years. But several recent developments are slowing the tide and significantly reducing credit card fraud incidents. More recently, we have seen a significant decline in compromised credit cards for sale on illicit underground markets. For example, in 2019, dark web markets listed approximately 140 million compromised cards for sale. The number declined to around 102 million in 2020 and plummeted again by another 60% to almost 42 million cards in 2021. Finally, in 2022, this total plunged again to only 9 million cards. The significant decline in credit card fraud is due mainly to the following:</p>
<ol>
<li>Improvements in authentication and fraud prevention – Banks and financial institutions are using advanced authentication and "passwordless" methods that make it harder to compromise a card, such as biometric authentication (e.g., fingerprints and face recognition), as well as PINs, EMV chips, and multi-factor authentication (MFA).</li>
<li>Real-time fraud detection – Implemented primarily by credit card companies, real-time fraud detection systems that use machine learning algorithms to analyze user behavior, spending patterns, and geolocation data can identify anomalies or suspicious activity. Once a transaction is flagged as suspicious, the issuer might demand additional types of verification, such as asking a security question or sending an SMS verification, making it more challenging for fraudsters to use stolen cards.</li>
<li>E-commerce security improvements – Since 2021, e-commerce sites have been using more robust security measures, such as two-factor authentication (2FA), address verification systems, and secure payment systems adhering to PCI DSS, making it harder for cybercriminal threat actors to steal credit card data from consumers.</li>
</ol>
<p>Cryptocurrency: a tool and a target - A hallmark of cryptocurrency is that it's decentralized, allowing users anonymity and privacy. No surprise, then, that cryptocurrencies are the payment method of choice for cybercriminals to purchase illicit goods and services, launder proceeds from cyberattacks, and receive ransomware payments. As cryptocurrency has gained broader adoption for legitimate purposes, it's also become a target for threat actors, presenting new opportunities for "crypto-jacking," digital wallet takeovers, crypto-mining, and siphoning digital assets from crypto exchanges.</p>
<p>Even with the fallout from the 2022 crypto crash, crypto's value among cybercriminals has only increased. As revealed in our report, we saw a 79% increase in crypto account takeover attacks in 2022. (Ultimately, cybercriminals use crypto to move money, not make money. While transactions on the underground are consummated in cryptocurrency, prices are listed in dollar value.) Yet, threat actors may ultimately abandon cryptocurrencies if investors continue to pull out due to the market's volatility, as fewer crypto users make it easier for law enforcement to track illicit transactions and for legislators to enforce stricter regulation. Researchers are continuing to watch this space to see how it evolves.</p>
<p>Democratization of AI - In less than a year since it first arrived on the scene, cybercriminals continue to show great enthusiasm for ChatGPT - as well as other newly released AI tools and its promise as a force multiplier for cybercrime. With its ability to emulate human language for social engineering and even automate the development of malware code, with the right prompts and guidance, threat actors can streamline the entire attack chain. ChatGPT allows novice and less sophisticated cybercriminals to carry out malicious acts faster, with relative ease. AI technology is making cybercrime more accessible and lowering the barrier of entry by enabling threat actors to quickly write malicious code and perform other "pre-ransomware" preparatory activities.</p>
<p>Commercializing Cybercrime with As-a-Service Offerings - The as-a-Service business model is increasing, given its ability to help cybercriminals commercialize their expertise and scale operations. By purchasing sophisticated hackers' services, infrastructures, or tools, threat actors can outsource the groundwork required to launch a cyberattack with minimal effort. Especially concerning is the continued rise of Ransomware-as-a-Service (RaaS). The RaaS business model operates much like a modern business, whereby ransomware developers and operators lease out their ransomware technology and infrastructure to a network of lesser skilled 'affiliates' for distribution in return for a cut of the ransom extortion profits, thereby scaling their operations. This as-a-Service offering makes the extortion business accessible and profitable to a larger pool of cybercriminals driving the rapid increase in ransomware attacks year over year.</p>
<p>Every connected asset within an organization's sprawling attack surface presents cybercriminals with a potential entry point for attack. Today, protecting the expanding organizational attack surface with cyber threat intelligence alone to evaluate exposure is a near impossible task. The modern attack surface is increasingly external, extending beyond the known network perimeter to include a vast ecosystem of unknown assets from cloud-based resources, connected IPs, SaaS applications, and third party supply chains. As a result, most organizations suffer from major blindspots into their complete attacker-exposed IT environment, while struggling with overwhelming quantities of cyber threat intelligence data. To effectively defend against cyber threats, security teams need complete visibility into their unique attack surface and real-time insight into their threat exposure.</p>
<p>Given the ever-expanding threat landscape of the Digital Age, the ability to identify the highest priority risks facing their organization and focus their efforts accordingly offers tremendous benefits to resource-constrained security teams.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html">https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html</a></p></div>Don't Mess with my Boozehttps://redskyalliance.org/xindustry/don-t-mess-with-my-booze2023-01-25T13:35:00.000Z2023-01-25T13:35:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10948566071,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10948566071,RESIZE_400x{{/staticFileLink}}" alt="10948566071?profile=RESIZE_400x" width="250" /></a>On 12 January, Canadian alcohol retail giant LCBO announced that an “unauthorized party embedded malicious code” onto its website in order to steal information from customers in the process of checking out. Over five days in January, they wrote, customers “may have had their information compromised.” In fact, the infection was one of several to target LCBO customers in the last month, including an attack that lasted for more than a week that the company has not publicly acknowledged.</p>
<p>Researchers said they found the first payment-skimming malware infection occurred on LCBO’s website on 28 December, and that it lasted until 4 January 2023. The second infection, acknowledged by LCBO in statements released last week, began on 5 January 2023 and lasted until 10 January.<a href="#_ftn1">[1]</a> </p>
<p>LCBO, which stands for Liquor Control Board of Ontario, is a government enterprise and now one of the largest retailers and wholesalers of alcoholic beverages in the world. It said last week that it was shutting down its website and app to investigate a “cybersecurity incident.”<a href="#_ftn2">[2]</a> Their 680 retail stores are still able to operate, according to a statement the following day. Third-party experts were hired to address the incident. “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process,” LCBO <a href="https://www.lcbo.com/content/lcbo/en/corporate-pages/about/media-centre/news/2023-01-12.html">said</a>, adding that customer information provided on their checkout pages may have been “compromised.” The information stolen included names, email and mailing addresses, membership account details, account passwords and credit card information. They urged customers who made purchases in that time period to check their credit card payments and report suspicious transactions. </p>
<p>Last week, an LCBO spokesperson said that they are continuing to investigate the situation and are identifying specific customers who were impacted so that they can communicate with them directly. The website and app are back up and running but all account passwords have been reset. The website has had an average of 3,058,000 monthly visits over the past three months, with 94% coming from within Canada and 3% coming from the US. </p>
<p>The hackers reportedly injected JavaScript into the website, allowing them to exfiltrate data stolen from the checkout page. Researchers said they have seen this form of hack in a variety of forms since August 2020. They have discovered five other e-commerce domains with infections that used the same malicious domain, lotilabs[.]org for either e-skimmer hosting or exfiltration.</p>
<p><em><a href="{{#staticFileLink}}10948565500,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10948565500,RESIZE_584x{{/staticFileLink}}" alt="10948565500?profile=RESIZE_584x" width="500" /></a>RECORDED FUTURE EXPERTS USED A BROWSER’S DEVELOPER VIEW TO SHOW THE MALICIOUS LINE OF CODE EMBEDDED IN LCBO’S WEBSITE.</em></p>
<p><em> </em></p>
<p>LCBO did not respond to requests for comment about whether their investigation included the first infection or whether customers from that first infection were also being notified alongside those from the second. Tanium said e-skimmer attacks have been around for years, yet many retailers still haven’t learned lessons from high-profile incidents involving Target and Ticketmaster; namely by starting to patch frequently. “Many business owners are simply using a service and do not have the technical expertise or resources to do that work,” they said. “From the consumer side it is always prudent to use cards that have fraud protection, use virtual cards where possible for web e-commerce, monitor purchases regularly (most financial institutions allow account activity to be sent via text).”</p>
<p> </p>
<p>Recorded Future discovered 1,520 unique malicious domains involved in the infections of 9,290 unique e-commerce domains in 2022. Most involved campaigns that saw groups use fake payment card forms or taking over legitimate merchant web infrastructure to install e-skimmers. The company reported breaches that exposed customer payment card data at over 1,000 unique merchants in 2022. “For 77% of the merchants, we have identified compromised payment cards from the breaches on the dark web,” they said. </p>
<p>The e-skimmers led to 45.6 million compromised payment card records posted for sale on dark web platforms in 2022.<a href="#_ftn3">[3]</a> </p>
<p> </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p> </p>
<ul>
<li>Reporting: https://www. redskyalliance. org/ </li>
<li>Website: https://www. wapacklabs. com/ </li>
<li>LinkedIn: https://www. linkedin. com/company/64265941 </li>
</ul>
<p> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a> </p>
<p> </p>
<p> </p>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/canadas-largest-alcohol-retailer-infected-with-card-skimming-malware-twice-since-december/">https://therecord.media/canadas-largest-alcohol-retailer-infected-with-card-skimming-malware-twice-since-december/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.lcbo.com/content/lcbo/en/corporate-pages/about/media-centre/news/2023-01-10.html">https://www.lcbo.com/content/lcbo/en/corporate-pages/about/media-centre/news/2023-01-10.html</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://therecord.media/59-4-million-compromised-payment-card-records-posted-for-sale-on-dark-web-in-2022-report/">https://therecord.media/59-4-million-compromised-payment-card-records-posted-for-sale-on-dark-web-in-2022-report/</a></p></div>War = 62% Decline in Stolen Cardshttps://redskyalliance.org/xindustry/war-62-decline-in-stolen-cards2023-01-22T14:20:00.000Z2023-01-22T14:20:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10945933054,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10945933054,RESIZE_400x{{/staticFileLink}}" alt="10945933054?profile=RESIZE_400x" width="250" /></a>The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.</p>
<p>In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground to compile a report. It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card present records, to 13.8 million.</p>
<p>Researchers traced this significant decline to two key events at the start of the year. The first was an unexpected crackdown by the Russian state on cybercrime groups, which included arrests of suspected members of the REvil ransomware collective. “The governing theory is that Russia sought to signal its intent to cooperate with the West against cybercrime should the West acquiesce to Russian demands regarding Ukraine,” the report claimed.<a href="#_ftn1">[1]</a></p>
<p>Whatever its intent, the clampdown had a chilling impact on card fraud from the second half of February to April, including the shuttering of several top-tier carding shops, Recorded Future said.</p>
<p>However, what came next arguably had an even bigger impact. “After April, slack carding demand and depressed volumes of ‘fresh’ records were likely a result of Russia’s war,” the report continued. “It is highly likely that the war has significantly impacted Russian and Ukrainian threat actors’ ability to engage in card fraud as a result of mobilization, refugee and voluntary migration, energy instability, inconsistent internet connectivity and deteriorated server infrastructure. Russian-occupied areas of the Donbas region of Ukraine were long suspected to have hosted cyber-criminal server infrastructure.”</p>
<p>As a result, the future of the card fraud market will depend on external events, the report concluded. “Should Russia’s unprovoked war in Ukraine continue, the factors influencing regional threat actors’ ability to engage in card fraud will likely persist, and threat actors’ ability to engage in card fraud will remain lower than before the war, even as they continue to adapt,” it noted. “If the war should end, monitoring the region’s post-war economies will be crucial to determine whether the conditions and incentives exist for a renewal or possibly even an increase in card fraud activity.”</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www. redskyalliance. org/ </li>
<li>Website: https://www. wapacklabs. com/ </li>
<li>LinkedIn: https://www. linkedin. com/company/64265941 </li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.infosecurity-magazine.com/news/russias-ukraine-62-slump-stolen/">https://www.infosecurity-magazine.com/news/russias-ukraine-62-slump-stolen/</a></p></div>Old Problem – New Techniqueshttps://redskyalliance.org/xindustry/old-problem-new-techniques2022-09-28T15:07:12.000Z2022-09-28T15:07:12.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10829724884,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10829724884,RESIZE_400x{{/staticFileLink}}" width="250" alt="10829724884?profile=RESIZE_400x" /></a>Stealing, skimming and scams are nothing new in the credit card industry. But a new report by Reason Labs shows new twists to a credit card scam. In 2022, the cybersecurity world is no stranger to phishing attacks, credit card scams, virus distribution, and identity theft. They are ongoing on a daily basis and we have almost reached the point where we think we have seen it all. However, researchers have just uncovered potentially one of the largest fraudulent online credit card schemes active today. This significant and widespread global credit card scheme appears to have been operating since 2019. They estimate it has amassed tens of millions of dollars in fraud from tens of thousands of families and individuals and estimate it is operated by a crime syndicate and found evidence that it originated in Russia. The scam seems to abuse several security brands, such as McAfee and ReasonLabs, to execute fraudulent credit card charges. The infrastructure is built on top of Amazon Web Services and uses GoDaddy to circulate hundreds of domains. The fraudster’s strategy includes operating a massive fake network of dating and adult websites with functional customer support capabilities. Once the sites are live, the scammers coerce payment providers to gain the ability to accept credit card payments. At this point, the fraudsters search the darknet and acquire thousands of stolen credit cards and charge them to their fake website’s services.</p>
<p>This link: <a href="{{#staticFileLink}}10829723099,original{{/staticFileLink}}">IR-22-270-002_CC_Scam.pdf</a> breaks down how this elaborate scheme has been operating in three integral stages and offer possible ways for consumers to protect themselves to combat such schemes in the future.<a href="#_ftn1">[1]</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://reasonlabs.com/research/credit-card-scam-report/">https://reasonlabs.com/research/credit-card-scam-report/</a></p></div>Jokers Stash - Going out of Business?https://redskyalliance.org/xindustry/jokers-stash-going-out-of-business2021-01-19T15:59:17.000Z2021-01-19T15:59:17.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8439801081,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8439801081,RESIZE_400x{{/staticFileLink}}" width="250" alt="8439801081?profile=RESIZE_400x" /></a>Red Sky Alliance has long reported on the underground carding site – Joker’s Stash (JS). Well several research firms have identified that JS is ‘goiong out of business.’ Joker’s Stash is reportedly (or was…) the largest underground forum/shop for selling stolen credit card and identity data. JS is reporting they are closing its shop by the middle of February 2021. This news was shared after a crazy 2020 for the major cybercrime store, and several weeks after US and European law enforcement authorities seized a number of their servers.</p>
<p>The Russian and English language carding store began operations in October 2014, and quickly became a major source of credit card “dumps,” which is information stolen from compromised payment cards that crooks can buy and use to create physical counterfeit copies of those credit cards.<a href="#_ftn1">[1]</a></p>
<p>But 2020 turned out to be a tough year for Joker’s Stash. Researchers at Intel 471 recently explained that the owner of JS reported last October that he had contracted COVID-19 and spent a week in the hospital. In that time frame many of JS’s ardent customers started complaining that the shop’s payment card data quality was increasingly poor. “The condition impacted the site’s forums, inventory replenishments and other operations,” reported Intel 471.<a href="#_ftn2">[2]</a></p>
<p> </p>
<p><a href="{{#staticFileLink}}8439803486,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8439803486,RESIZE_400x{{/staticFileLink}}" width="300" alt="8439803486?profile=RESIZE_400x" /></a></p>
<table width="100%">
<tbody>
<tr>
<td>
<p>Figure 1. Image: Gemini Advisory</p>
</td>
</tr>
</tbody>
</table>
<p>That COVID diagnosis may have affected the shop owner’s ability to maintain fresh and valid inventory on his site. Gemini Advisory,<a href="#_ftn3">[3]</a> who monitor underground carding shops, observed a “severe decline” in the volume of compromised payment card accounts for sale on JS over the past six months. “Joker’s Stash has received numerous user complaints alleging that card data validity is low, which even prompted the administrator to upload proof of validity through a card-testing service,” Gemini wrote in a blog post about the planned shutdown.</p>
<p><a href="{{#staticFileLink}}8439805294,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8439805294,RESIZE_400x{{/staticFileLink}}" width="400" alt="8439805294?profile=RESIZE_400x" /></a></p>
<p>Figure 2. Image: Gemini Advisory</p>
<p>On 16 December 2020, several of JS’s long-operated domains began displaying notices that the sites had been seized by the US Department of Justice and Interpol, yet JS quickly recovered, moving to new infrastructure and assuring customers that it would continue to operate normally.</p>
<p>Gemini researchers estimate that JS produced more than a billion dollars in revenue over the past several years. Much of that revenue came from high-profile breaches, including tens of millions of payment card records stolen from major merchants including: Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Whole Foods, Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ.</p>
<p>Joker’s Stash routinely teased big breaches days or weeks in advance of selling payment card records stolen from those companies, and periodically linked to this site and other media outlets as proof of his shop’s prowess and authenticity. Like many other top cybercrime forum/shops, JS was a frequent target of phishers looking to rip off unwary or unsophisticated thieves. In 2018, KrebsOnSecurity (KoS) detailed a vast network of fake Joker’s Stash sites set up to steal login credentials and bitcoin. The fake sites all traced back to the owners of a Pakistani web site design firm. Many of those fake sites are still active (e.g. jokersstash[.]su).</p>
<p>As noted by KoS in 2016, JS attracted an impressive number of customers who kept five and six-digit balances at the shop, and who were granted early access to new breaches as well as steep discounts for bulk buys. Those “partner” customers will be given the opportunity to cash out their accounts. But the majority of Stash customers do not enjoy this status and will have to spend their balances by 15 February 2021 or forfeit those funds.</p>
<p><a href="{{#staticFileLink}}8439808491,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8439808491,RESIZE_400x{{/staticFileLink}}" width="400" alt="8439808491?profile=RESIZE_400x" /></a></p>
<p>Figure 3. The dashboard for a Joker’s Stash customer who has spent over $10,000 buying stolen credit cards from the site.</p>
<p>Gemini said another event that may have contributed to this threat actor shutting down their marketplace is the recent spike in the value of Bitcoin. A year ago, one bitcoin was worth about $9,000. Today a single bitcoin is valued at more than $35,000. “JokerStash was an early advocate of Bitcoin and claims to keep all proceeds in this cryptocurrency,” Gemini stated in a recent blog post. “This actor was already likely to be among the wealthiest cybercriminals, and the spike may have multiplied their fortune, earning them enough money to retire. However, the true reason behind this shutdown remains unclear.” If the bitcoin price theory holds, that would be fairly rich considering the parting lines in the closure notice posted to JS.</p>
<p>“We are also want to wish all young and mature ones cyber-gangsters not to lose themselves in the pursuit of easy money,” the JS site administrator(s) warns. “Remember, that even all the money in the world will never make you happy and that all the most truly valuable things in this life are free.” Regardless, the impending February shutdown is unlikely to have much of an impact on the overall underground carding industry, Gemini explains. “Given Joker’s Stash’s high profile, it relied on a robust network of criminal vendors who offered their stolen records on this marketplace, among others. Gemini assesses with a high level of confidence that these vendors are very likely to fully transition to other large, top-tier dark web marketplaces.”</p>
<p>As stated, Red Sky Alliance has been collecting, analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports – to include Joker’s Stash. As Gemini warns, the underground criminal activity will keep in operation, long after JS disappears. Specifically, our analysts are currently collecting and analyzing numerous underground forums, which include carding sites. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings: <a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a> </p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://krebsonsecurity.com/2021/01/jokers-stash-carding-market-to-call-it-quits/">https://krebsonsecurity.com/2021/01/jokers-stash-carding-market-to-call-it-quits/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://intel471.com/blog/jokers-stash-closed-february-2021/">https://intel471.com/blog/jokers-stash-closed-february-2021/</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://geminiadvisory.io/jokers-stash-shuts-down/">https://geminiadvisory.io/jokers-stash-shuts-down/</a></p></div>