Dancho Danchev

https://ddanchev.blogspot.com
Joined Nov 15, 2022

Dear folks,

This is Dancho (https://ddanchev.blogspot.com).

I wanted to take the time and effort and elaborate on a personal observation.

Back in 2008-2010, at the peak of my cybercrime research career, while doing the usual to communicate my findings, there were several rules that I didn't just follow but rules that are rules that are supposed to be.

01. Rule 01 - never reveal your sources - back in that period of time it was also an interesting observation that based on my experience in the field having sources was an impossible thing to exist for Russia and Eastern European cybercriminals. It will be simply surreal to think that there's a way to have sources in this aspect that would or have anything to do with you or for you.

02. Rule 02 - a market segment practice known as buying logs back then today emerged as the infostealer market segment - now here comes the interesting part as I find it highly unusual compared to back then to have today's oversupply of free infostealer logs including their general availability for download and purchase. There's an important observation to make here going beyond the economic supply and oversupply naturally going beyond commoditization underground market goods most importantly because I think that a botnet master and I don't mean to sound weird for those who know me from 2008-2010 with my research but there's a low probability that today's market segment for infostealers can be compared to the logs market segment from back in 2008-2010 and also from economic perspective due to a variety of reasons. Taking a deeper look at what's available for free daily on the infostealer market segment we see an impossible trend namely that there isn't a high probability that shouldn't apply basic logic that I can't keep in mind share 1TB of working logs daily and have another 1TB of working logs for clients unless we cannot really call this true cybercrime the one I was originally busy communicating in 2008-2010. It means that we don't just have the same cybercrime players from back then involved in this but we have in a way a distorted a little bit puzzled cybercrime market trend in terms of where did all of this start how come it took place and who's involved in terms of driving growth for this market segment.

03. Rule 03 - for me today's ransomware epidemic sparks a variety of interesting questions. Where are your online and offline backups? Have you forgotten that it's more important to worry about competition going through your leaked files instead of hackers? If you were asked in a questionnaire what drove you and who told you to contact the hackers and how did you contact them?

04. Rule 04 - never ever talk with cybercriminals - this is one of the most logical rules that I always followed simply because it's the most logical one.

Thanks,
Dancho

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Dancho Danchev's Blog - Insightful and independent open-source intelligence (OSINT) analyses cybercrime research and threat intelligence gathering

Did you know that I send approximately 2,000 abuse notifications daily? Here's how I'm doing it. I always source through direct sandboxing and C&C domain extraction from the samples to ensure the Q&A of the process. I then use a custom dashboard with workflows to monitor the case process and produce the graphs and statistics.

Find attached some statistics.

Thanks,
Dancho

From the Trenches - A Video and Screenshots Compilation - https://ddanchev.blogspot.com/2026/06/from-trenches-video-and-screenshots.html