Kaspersky Report Reveals Cybercriminals’ Reliance on Escrow Services on the Darknet

According to the latest research by Kaspersky, over 1 million messages were posted on the darknet between 2020 and 2022 mentioning escrow services. These intermediaries, who help to control the fulfillment of agreements and minimize the risk of cheating, partner with cybercriminals who want to buy or sell data, services, or form partnerships, earning between three to fifteen percent of the transaction. However, there is still a risk of failure, as escrow scams are common. The Kaspersky Digital Footprint Intelligence team has published a new report explaining how these transactions are carried out on the darknet.

To ensure their own security and avoid becoming victims of other cybercriminals, darknet cybercriminals use escrow agents as intermediaries for transactions involving expensive or atypical cases. These agents can be either a human or an automatic system. While escrow services have emerged to provide some form of security on the darknet, fraudulent activities related to them occur frequently, leading to cybercriminals having to worry about their security.

Figure 1. The total number of messages on shadow sites mentioning escrow agents by quarter, from 2020 to 2022

From January 2020 to December 2022, the Kaspersky Digital Footprint Intelligence team monitored the darknet and found over one million messages mentioning the use of an escrow agent or other related terms. These messages accounted for 14% of the total number of deal-related messages on various dark web resources. However, since cybercriminals often discuss detailed terms in person without specifying all the particulars in announcements and offers, the actual share of deals with escrow services could be higher.

In the second half of 2021, the number of messages mentioning escrow services surged, coinciding with the dynamics of cybercriminal activity on shadow Telegram channels, which saw an increase in members after several popular dark web forums were compromised in early 2021. In most of 2022, there was a decline in activity on shadow resources due to the escalated geopolitical situation, which motivated cybercriminals to cease their illegal activities and relocate using the accumulated money. However, the Kaspersky Digital Footprint Intelligence team observed growing escrow-related activity towards the end of 2022.

Despite the presence of escrow services, no service can protect against cheating on the darknet, and both the seller and buyer, as well as the escrow agent, can violate the deal arrangements. For effective protection against cybercriminals on the darknet, it is necessary to understand how it operates, how cybercriminals interact with each other, what kinds of deals there are, and how they are carried out.

Kaspersky researchers recommend implementing measures such as keeping software updated on all devices to prevent attackers from infiltrating your network, using the latest Threat Intelligence information to stay aware of actual tactics, techniques, and procedures (TTPs) used by threat actors, using Kaspersky Digital Footprint Intelligence to explore an adversary’s view of company resources and identify potential attack vectors, and utilizing Kaspersky Incident Response service to respond and minimize the consequences of a security incident. To read the full report on escrow services on the darknet, visit Securelist.com.

24 March 2023

Author: Terry KS

Share This Post On