March 26, 2024
Once upon a time, a high-profile dark web marketplace seizure or exit scam would have been big news in the cybercriminal community. When Empire marketplace went down we saw widespread expressions of shock, fear, and speculation. But is the strength of reaction to such events beginning to diminish?
The recent alleged seizure of the carding AVC Joker’s Stash’s Blockchain DNS domains didn’t generate as much discussion as we might have expected. And, a few weeks on from the takedown of the “largest darknet marketplace”, DarkMarket, the ripples in the cybercriminal underground are barely discernible. Taking this as our starting point, in this blog we’ll dive into the cybercriminal community’s reaction to the recent seizure of DarkMarket and ask why this news has not had the impact some might have expected.
DarkMarket launched in June 2019 and increased in prominence throughout 2020, especially after the exit scam of the former number one marketplace Empire in August 2020. After the demise of a significant marketplace, so-called “refugees” of the platform usually seek to transition their buying and selling activities to an alternative service. In this instance, DarkMarket would have been one of many criminal marketplaces capitalizing on Empire’s downfall and looking to increase its user base.
It seemed to have worked. As recently as December 2020, an announcement on the reddit-style forum Dread highlighted that DarkMarket had hit the milestone of half a million users, signifying its popularity across the criminal underground and status as one of the “go-to” marketplaces. After DarkMarket’s seizure in January 2021, reporting suggested the marketplace had 2,400 active vendors and had facilitated over 320,000 transactions. Conservative estimates calculated that around USD 170 million had changed hands on the site throughout its tenure.
Back in early January 2021, German law enforcement agencies announced the successful arrest of a man believed to be the administrator of the English-language cybercriminal marketplace DarkMarket. This represented the culmination of months of coordinated efforts between Europol and several other nations and also resulted in the seizure of over 20 servers located in Moldova and Ukraine alleged to have hosted the marketplace’s infrastructure.
While its transaction figures sound impressive, the reality is that DarkMarket was often excluded from cybercriminals’ discussions about marketplace preferences or recommendations because of its relaxed security practices. So how did DarkMarket garner such a high number of users? In short, user-friendliness and ease of access to an array of vendors and goods.
Even if a marketplace is as secure as Fort Knox, if it doesn’t have a high number of quality goods or offer user-friendly payment methods then the masses will not take to it. This dilemma appears to be dividing the criminal landscape: is it worth forgoing ease of use and accepting a limited audience in favour of a secure and anonymous marketplace? Or is it better to stick with the formula that, despite resulting in numerous law enforcement actions and regular exit scams, offers access to a much wider user base and a simpler transaction process?
A Crowded Sector
Although we have observed various discussions on the fallout of DarkMarket’s seizure, the initial reaction to the announcement has largely been underwhelming. Media headlines about the takedown of the dark web’s “largest illegal marketplace” suggest the news should have had a bigger impact. But the reality is that the marketplace sector is extremely crowded. There were various platforms actively competing with DarkMarket for the top spot. And with DarkMarket now no longer a threat, there is a pool of candidates offering discounts and free vendor bonds for refugees looking for a new “home”. Crucially, another law enforcement seizure only strengthens the more secure marketplaces’ argument that the cybercriminal community should leave behind the platforms they are accustomed to.
Post-Empire Diversification
Empire’s exit scam may have pushed buyers and sellers to reject marketplaces altogether and seek alternative technologies such as cybercriminal forums or messaging applications like Telegram and Discord. Digital Shadows (now ReliaQuest) repeatedly reported on the potential of these alternative technologies to become contenders to the marketplace model. However, they are ultimately problematic due to the efforts required to build a decent customer base, which is much easier to establish on large, reputable criminal marketplaces, and the increased likelihood of scams if reliable escrow processes are not implemented (usually a default option on marketplaces).
The recent disruption we’ve seen in the marketplace scene may have encouraged vendors to diversify their activity, splitting their sales between different marketplaces. That way, if one goes down, their bottom line remains largely unaffected. The impact of DarkMarket’s closure might have been reduced if cybercriminals have slowly been building resilience against such eventual shutdowns and exits with alternative marketplaces and technologies.
In recent months, DDoS activity affecting the entire Tor network had impacted DarkMarket, among others. The administrator of Dread even initiated a thread accusing marketplace owners of organizing such attacks against their competitors or even performing retaliatory attacks. The administrator said that DDoS attacks on the Tor network would not only harm the intended target but also damage the whole of the cybercriminal community. DDoS activity between cybercriminals is not uncommon, but the fact that DarkMarket was already being targeted and struggling to remain online before its seizure may have dulled the impact of the takedown as the community was used to it being offline for long periods.
Despite the recent dark web market problems that the cybercriminal community is experiencing, it’s unlikely that the marketplace model will go anywhere anytime soon. It may be the case that the golden era of the marketplace is over, and threat actors who are jaded by the news of yet another marketplace’s departure from the scene will continue to react in muted ways. But we’re also entering an exciting new era in the sense that, up until now, the marketplace model has always had a recognized leader for other sites to emulate and compete with. These days, the scene is a crowded arena with business flourishing and no obvious front runner. Perhaps this situation will encourage diversification and innovation that could breathe new life into the marketplace scene and ensure its survival for months and years to come.