Cybercriminal forums have been flourishing despite new, more secure technologies and constant pressure from law enforcement. Researchers have come across a groundbreaking revelation of cybercriminals offering fraudulent cybersecurity certifications to those seeking them on underground forums.
The Cyble Research and Intelligence Labs (CRIL) report revealed that study material, allegedly from prominent institutions, was found on the forum post advertising the sale. Moreover, exam material was also being sold on the threat actor’s e-commerce site.
What CRIL researchers found on the cybercrime forums
Remote exam services for cyber security certifications wherein an exam can be taken by another person on behalf of someone else were offered on the cybercrime forums and darknet marketplaces. These maneuvers have branched out to LinkedIn as well, where fraudulent certificates are offered to legitimate job seekers.
The cost of taking a practical exam has been charged higher than its remote counterparts, suggesting that the service also would forge documents enough to send an individual to sit for exams with other legitimate candidates.
The cybersecurity trade advertisement sold exam manuals, and brain dumps i.e., stolen question samples along with their answers to help candidates pass exams without the effort of taking the entire certification course.
The post had received no reviews or ratings at the time of writing. Nor did it mention any figure in the number of products sold through the darknet marketplaces. The materials cost between $85 to $153. Titled, “Providing customer services since January 2023,” the post indicated that it is a new trade that is yet to take off in full swing.
Prestigious organizations and vendors that were mentioned in fraudulent cybersecurity certifications advertisements were:
- INE (eLearnSecurity)
- EC Council
- (ISC)2
- CompTIA
- Offensive Security
- Burp Suite
- TCM Security
- SANS
- Zero Point Security
The post shows ongoing communication about buying and selling study materials which researchers found were offered to be done using gift cards, PayPal, and cryptocurrency. Practical assessments were provided for $500 to $800.
The reach of the fraudsters and the gravity of this cybercrime indicate that cybersecurity professionals must be chosen after an extensive background check failing which, endless possibilities could be encountered.
The worst of them are spies or threat actors themselves being added to the workforce who would leak inside data to competitors. Other threats include:
- Faking falling prey to phishing attacks while allowing remote access to their gang leader.
- Working to create more allies in the firm by offering higher incentives.
- Leaking trade secrets.
- Targeting other employees in the company to blame them for all their illegal activities.
- Offering well-chosen dark web leads to their seniors or company to appear resourceful.
Cybercriminals are also offering to sell a custom remote access tool for exam assistance that might suggest installing keyloggers or malware on their device. Moreover, they claim to be using legitimate apps such as AnyDesk and TeamViewer for the same.
Who will be found on underground forums for certifications for cybersecurity?
Those looking for certificates specifically for cybersecurity on the dark web can also be threat actors who want to avenge their loss caused by another cybersecurity professional or company. The research report by Cyble also read that a post by a threat actor claimed to have already helped over 100 individuals to pass their exams.
Those individuals with fraudulent credentials from unknown locations may be looking for a job or worse, might have found one.
A workforce with a fraudster or a genuine candidate who was desperate for a cybersecurity job could bring both harm and loss to the company by failing to fulfill their responsibilities in the absence of the required education.
Cybercriminals have breached high-security websites and apps to steal information. Hence, it is not impossible to steal course details, exam materials, certificates, etc., from the systems of cybersecurity institutions.
The onus in part lies on these institutions to tighten their security infrastructure and promptly report any incidents for others to know that some legitimate material might have gotten out creating further frauds like creating fraudulent cybersecurity certificates.
Seeing underperforming candidates with fraudulent cybersecurity certifications would not only impact the reputation of the organization but also the name of the institute on their certificates. It can bring down the revenue of the vendors and the value of certification in the market more so after unearthing cheating scams.
Legitimate employees must also report someone who was found indulging in criminal activities. Such fraud in the sector that offers security calls for a stringent investigation in hiring and to wipe clean the data on the dark web forums by legal authorities.
Companies must sift through the newly hired and those in the queue to find any fraudulent cybersecurity certificates that might be sitting on the human resource database.
