HQ/EMEAFind out how we can help your business
Since its initial emergence on January 19, the new dark web marketplace, STYX, has been thriving in trading illegal products and services for cyberattacks.
Some services this underground marketplace offer are identity theft, DDoS, stolen credentials and databases, malware, bypassing 2FA, cash-out services, and identity lookup. The market also has several Telegram channels for directing clients’ purchasing process, with bots appointed to interact and assist with service-related queries.
For payment, the STYX dark web market supports multiple cryptocurrencies, allowing threat actors to have a wide range of payment options.
The STYX dark web market concentrates on financial fraud services.
Upon assessing the infrastructure of the STYX dark web market, researchers found its main focus of offered services is mostly financial fraud.
These services include bypassing anti-fraud filters, selling stolen credit card credentials and PII, data lookup services of individuals and orgs, fake IDs and forged documents, telephone, text, email flooding, money laundering, malware injection, and provision of tutorials on cybercrime campaigns.
Despite the law enforcement agencies’ active campaigns against cybercriminal bases, numerous underground platforms like STYX continue to surface. These malicious platforms aid threat actors in their cyberattack campaigns through a wide array of accessible services, thus playing a significant part in how this malicious ecosystem has flourished until today.
Especially for financially-motivated cybercriminals, STYX has provided them with more opportunities to continue their campaigns and victimise individuals and companies worldwide.
In related news, the FBI recently seized two of the most prolific underground infrastructures. These two are the Genesis Market and BreachForums, where cybercriminals assemble to purchase cybercrime goods and converse about cybercrime-related discussions.
STYX’s presence could be an effective replacement for the two’s absences; thus, organisations are warned that threat actors will not stop anytime soon, regardless of how authorities manage to cripple the cybercriminal ecosystem.
More robust enforcement of cybersecurity measures must be implemented, along with learning how to combat even the most effective and modernised cyber threats from malicious actors.
