Monday, January 30, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Free Magazine
The Cyber Express
Ransomware 2023 Report
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Firewall Daily

Fraudulent Cybersecurity Certifications Out in the Open, Sold on Underground Forums

The reach of the fraudsters and the gravity of this cybercrime indicate that cybersecurity professionals must be chosen after an extensive background check.

Vishwa Pandagle by Vishwa Pandagle
January 25, 2023
in Firewall Daily
0
Cybersecurity Certifications
598
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter

Cybercriminal forums have been flourishing despite new, more secure technologies and constant pressure from law enforcement. Researchers have come across a groundbreaking revelation of cybercriminals offering fraudulent cybersecurity certifications to those seeking them on underground forums.

The Cyble Research and Intelligence Labs (CRIL) report revealed that study material, allegedly from prominent institutions, was found on the forum post advertising the sale. Moreover, exam material was also being sold on the threat actor’s e-commerce site.

You might also like

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

What CRIL researchers found on the cybercrime forums 

Remote exam services for cyber security certifications wherein an exam can be taken by another person on behalf of someone else were offered on the cybercrime forums and darknet marketplaces. These maneuvers have branched out to LinkedIn as well, where fraudulent certificates are offered to legitimate job seekers. 

The cost of taking a practical exam has been charged higher than its remote counterparts, suggesting that the service also would forge documents enough to send an individual to sit for exams with other legitimate candidates.

The cybersecurity trade advertisement sold exam manuals, and brain dumps i.e., stolen question samples along with their answers to help candidates pass exams without the effort of taking the entire certification course. 

Cybersecurity Certifications
Screenshot of the e-commerce site advertising the sale of exam materials (Source: Cyble)

The post had received no reviews or ratings at the time of writing. Nor did it mention any figure in the number of products sold through the darknet marketplaces. The materials cost between $85 to $153. Titled, “Providing customer services since January 2023,” the post indicated that it is a new trade that is yet to take off in full swing.  

Prestigious organizations and vendors that were mentioned in fraudulent cybersecurity certifications advertisements were: 

  1. INE (eLearnSecurity) 
  2. EC Council 
  3. (ISC)2 
  4. CompTIA 
  5. Offensive Security 
  6. Burp Suite 
  7. TCM Security 
  8. SANS 
  9. Zero Point Security 
Cybersecurity Certifications
Subsections of exams advertised on the darknet forum (Source: Cyble)

The post shows ongoing communication about buying and selling study materials which researchers found were offered to be done using gift cards, PayPal, and cryptocurrency. Practical assessments were provided for $500 to $800. 

The reach of the fraudsters and the gravity of this cybercrime indicate that cybersecurity professionals must be chosen after an extensive background check failing which, endless possibilities could be encountered.

The worst of them are spies or threat actors themselves being added to the workforce who would leak inside data to competitors. Other threats include: 

  1. Faking falling prey to phishing attacks while allowing remote access to their gang leader. 
  2. Working to create more allies in the firm by offering higher incentives. 
  3. Leaking trade secrets. 
  4. Targeting other employees in the company to blame them for all their illegal activities. 
  5. Offering well-chosen dark web leads to their seniors or company to appear resourceful. 

Cybercriminals are also offering to sell a custom remote access tool for exam assistance that might suggest installing keyloggers or malware on their device. Moreover, they claim to be using legitimate apps such as AnyDesk and TeamViewer for the same.  

Who will be found on underground forums for certifications for cybersecurity? 

Cybersecurity Certifications
Screenshot of a certificate with blurred names and signatures (Source: Cyble)

Those looking for certificates specifically for cybersecurity on the dark web can also be threat actors who want to avenge their loss caused by another cybersecurity professional or company. The research report by Cyble also read that a post by a threat actor claimed to have already helped over 100 individuals to pass their exams.  

Those individuals with fraudulent credentials from unknown locations may be looking for a job or worse, might have found one.

A workforce with a fraudster or a genuine candidate who was desperate for a cybersecurity job could bring both harm and loss to the company by failing to fulfill their responsibilities in the absence of the required education. 

Cybercriminals have breached high-security websites and apps to steal information. Hence, it is not impossible to steal course details, exam materials, certificates, etc., from the systems of cybersecurity institutions.

The onus in part lies on these institutions to tighten their security infrastructure and promptly report any incidents for others to know that some legitimate material might have gotten out creating further frauds like creating fraudulent cybersecurity certificates.  

Seeing underperforming candidates with fraudulent cybersecurity certifications would not only impact the reputation of the organization but also the name of the institute on their certificates. It can bring down the revenue of the vendors and the value of certification in the market more so after unearthing cheating scams.  

Legitimate employees must also report someone who was found indulging in criminal activities. Such fraud in the sector that offers security calls for a stringent investigation in hiring and to wipe clean the data on the dark web forums by legal authorities.

Companies must sift through the newly hired and those in the queue to find any fraudulent cybersecurity certificates that might be sitting on the human resource database. 

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: cybersecurity certifications on saledarknet marketplaces selling cybersecurityfraudulent cybersecurity certificatesThe Cyber ExpressThe Cyber Express Newsunderground forums selling cybersecurity certifications
Previous Post

Avast Faces DDoS Attack, Days After Security Breach at Parent Firm Gen Digital

Next Post

The Ultimate Guide to Understanding Ransomware: Types, Top Attacks, and How to Protect Yourself

Vishwa Pandagle

Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes cybersecurity news related to data breaches, ransomware, phishing, and best practices among others. She also writes about cybersecurity developments and likes interacting with experts in this field. When not working, she likes self-reflecting, meditating, volunteering, and going for long walks.

Related Posts

Westmont Hospitality
Cybersecurity News

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

by Chandu Gopalakrishnan
January 28, 2023
cybersecurity
Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

by Chandu Gopalakrishnan
January 28, 2023
Dr Pepper Russian Branch
Data Breach News

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

by Ashish Khaitan
January 27, 2023
Amadey Botnet
Firewall Daily

Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

by Editorial
January 27, 2023
Verizon
Dark Web News

Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

by Editorial
January 27, 2023
Next Post
The Ultimate Guide to Understanding Ransomware Ransomware news

The Ultimate Guide to Understanding Ransomware: Types, Top Attacks, and How to Protect Yourself

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Issue is Out. Subscribe Now

Cybersecurity Person of The Year 2023
Download Now

Sign Up For Newsletter

Name*

Recommended

Westmont Hospitality

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

January 28, 2023
Guacamaya Mexico Breach

Mexico Government Confirms Hacking of Military Data

October 3, 2022

Categories

  • Appointments
  • Budgets
  • Business News
  • Compliance
  • Cyber Essentials
  • Cyber Warfare
  • Cybersecurity News
  • Dark Web News
  • Data Breach News
  • DDoS Attacks
  • Espionage
  • Features
  • Firewall Daily
  • Gitex2022
  • Governance
  • Hacks
  • How to
  • Interviews
  • Learning & Development
  • Main Story
  • Malware News
  • Mergers & Aquisitions
  • Partnerships
  • Podcast
  • Policy Updates
  • Press Release
  • Ransomware
  • Regulations
  • Research
  • Resources
  • Startups
  • Vulnerabilities
  • Workforce

Don't miss it

Cyber Security for Water Treatment Plants
Interviews

The Threat is Real: Cyber Security for Water Treatment Plants Demands Attention

January 29, 2023
Westmont Hospitality
Cybersecurity News

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

January 28, 2023
SOCs
Features

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

January 28, 2023
cybersecurity
Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

January 28, 2023
Dr Pepper Russian Branch
Data Breach News

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

January 27, 2023
How to protect and recover your Facebook and Instagram accounts – a complete guide
Resources

How to protect and recover your Facebook and Instagram accounts – a complete guide

January 27, 2023

About

The Cyber Express

Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Subscribe to Our Feed

RSS Feeds

© 2022 The Cyber Express | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cybersecurity Magazine
  • Events
    • World CyberCon Middle East 2023
    • Webinars

© 2022 The Cyber Express | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.