{"id":24857,"date":"2019-02-01T16:21:54","date_gmt":"2019-02-01T16:21:54","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29776\/Bullish-On-Cybercrime.html"},"modified":"2019-02-01T16:21:54","modified_gmt":"2019-02-01T16:21:54","slug":"bullish-on-cybercrime","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/","title":{"rendered":"Bullish On Cybercrime"},"content":{"rendered":"<div class=\"wysiwyg\">\n<p>As the U.S. economy takes investors on a wild ride, turning all the usual indicators topsy-turvy and sparking concern that the bear will usurp the bull, one market seems to be on a perpetual upswing<\/p>\n<p>\u2014 cybercrime. Threat intelligence researchers agree that adversaries are well connected in the sophisticated virtual labyrinths of the dark web, providing a supportive yet disparate ecosystem cloaked in anonymity.<\/p>\n<p>Despite law enforcement shutdowns of the popular illicit marketplaces AlphaBay and Hansa 18 months ago, new underground storefronts continue to spring up to help facilitate the sale of stolen PII that\u2019s increasingly robust, even including voter records.<\/p>\n<p>\u201cThe [hacker] ecosystem is alive and responds to setbacks,\u201d says McAfee Chief Scientist Raj Samani, noting the emergence of Tor shops and Telegram groups after the AlphaBay and Hamsa takedowns.<\/p>\n<p>Hidden wiki and deepdotweb sites provide insight into the emergence and types of marketplaces, platforms and discussion forums available for dark web-related content, Samini added.<\/p>\n<p>\u201cNot only will you find people selling and buying stolen data, but also threat actors advertising their services and looking for business partners,\u201d promises David Shear, senior analyst for Flashpoint. \u201cThe problem for most threat actors is not finding a community, it is deciding which one they want to be part of.\u201d<\/p>\n<p>Flashpoint closely followed the July 2017 shuttering of AlphaBay and how its successor, Empire Market, copied its website design and user experience. Empire Market doubled its user base from approximately 3,000 listings in April 2018 to more than 6,000 listings in July 2018.<\/p>\n<p>Tor indexing services feed search engines used to find what cybercriminals seek. Milligan notes he\u2019s found a particular website to promote cybercriminals\u2019 virtual storefronts. \u201cThis [hackers\u2019] news website is accessible from Tor and the surface web, acting as somewhat of a dark web archive with lists of markets and forums with descriptions, ratings, and links.\u201d<\/p>\n<p>Much like archive.org\u2019s \u201cWayback Machine,\u201d the site keeps track of markets and forums that existed at one time, creating a kind of timeline or history of the dark web. In addition, the site features articles and other content on the home page that gives an indication of the topics dark-web denizens are interested in.<\/p>\n<p>Before the successful takedowns of large marketplaces, such hotbeds weren\u2019t as complicated to track, points out Ross Rustici, Cybereason\u2019s senior director.<\/p>\n<p>\u201cWhere as before you had a few large pools of nefarious activity, currently we are seeing an increased splintering of the community into smaller more protected communication modes,\u201d Rustici says.<\/p>\n<p>It\u2019s also a marketplace that\u2019s not hurting financially. Armor recently found the going prices of stolen credit cards, bank accounts and personal identities globally jumped between 10 percent to 83 percent in the past three years. For example, stolen U.S. Visa credit card credentials increased in value from $4.88 in 2015 to $9 in 2018, but when coupled with its CVV code and PII, it fetches $65 on the dark market for Visa, MasterCard and Amex in the U.S. (and $75 in the U.K.). The latest findings build on Armor\u2019s Threat Resistance Unit (TRU) team report in March 2018 analyzing the underground cybercriminal markets in the fourth quarter of 2017.<\/p>\n<p>\u201cMore unique, larger datasets, which have already been vetted for legitimacy, will be more expensive than smaller or partial datasets, like unvetted credit card numbers,\u201d comments Dan Byrnes, Recorded Future\u2019s threat intelligence researcher.<\/p>\n<p>These complete datasets, called \u201cFullz\u201d (full identity data), can encompass: first and last name; current\/previous home and billing address, city, state, zip code; mobile and\/or home phone number; SSN or national identity number; date of birth; mother\u2019s maiden name; credit card number; bank name and location; date account was opened; average monthly balance; checking account and routing number; driver\u2019s license; and even voting records, all of which is typically priced collectively or available a la carte.<\/p>\n<p>Armor threat researcher Corey Milligan is impressed by the dark web\u2019s level of organization and maturity.<\/p>\n<p>\u201cThe dark websites that facilitate these markets are professionally built and hosted in the cloud using the latest technology,\u201d Milligan notes. \u201cThey understand the products they are selling and the customers they are selling to.\u201d<\/p>\n<p>Not unlike the Amazon seller\/product rating and review system, these 21st Century bazaars \u201cprovide ratings to help customers choose sellers they can trust and easy-to-navigate interfaces that give the vendors ample space to advertise and the customers the ability to sort through offerings to find precisely what they are looking for.\u201d<\/p>\n<p>The administrators of the markets are very connected, pointed out Milligan. \u201cIn many cases they not only run a market, they run a parallel dark web forum,\u201d he says, adding that such forums allow them to get feedback on their market, as well as invaluable insight into topics being discussed between vendors, customers, and people that just need a place to discuss activities under the cloak of anonymity.<\/p>\n<p>Armor found that the vendors, based on how they advertise themselves, are often also the threat actor that harvested whatever illicit digital product they are selling.<\/p>\n<p>\u201cThese threat actors are connected in a way that is very similar to how the security community is connected,\u201d Milligan says, adding they participate in forums and discuss everything from the reputation of others in the forum to the new vulnerabilities, exploits, and techniques they are trying to perfect for their next attack.<\/p>\n<p>The vendors also use side channels, such as encrypted chat services, to have detailed discussions about their operations, meaning their communications and connectedness extend beyond the dark web.<\/p>\n<p>It\u2019s a unique subculture and ecosystem with different tiers of participants connected mostly by motivation. \u201cLanguage is still somewhat of a barrier that separates people into groups, but it\u2019s not hard to overcome for those that want to move between groups,\u201d Milligan says.<\/p>\n<p>Using the adage it takes money to make money, the underground ecosystem borrows Wall Street\u2019s speculative nature when a credit-card thief can simply go online, use a Tor service to hide his IP address, then purchase high-end items worth thousands of dollars using the stolen card data. \u201cThe criminal can then turn around and sell those items, making an outstanding profit from their nominal investment of $9 to $75 [for the card data],\u201d Armor\u2019s report explains. Other schemes involve utilizing the services of a well-established money mule with a solid reputation and multiple accounts in various top financial institutions; the mule gets 10 percent of the take.<\/p>\n<p>Essentially, the increasingly sophisticated criminals replicate the legitimate list marketing industry, only the latter\u2019s data presumably wasn\u2019t procured through a hack, notwithstanding privacy policy transgressions (e.g., Cambridge Analytica).<\/p>\n<p>Most stolen data prices follow the principles of supply and demand.<\/p>\n<p>\u201cThe rise and commoditization of underground marketplaces for selling and buying access to compromised corporate machines introduces a new reality for security professionals,\u201d explains Cybereason CISO Israel Barak, \u201cone in which corporate machines, infected with malware can very quickly, sometimes within hours from the initial infection, become launch pads into the organizational network for targeted APT actors, that acquire access to those compromised machines via black market trading.\u201d<\/p>\n<p>For example, xDedic, one of the largest black markets, sells access via a gated, invite-only forum to compromised machines in online gambling, online dating, ecommerce and instant messaging services. \u201cTraditionally, most of the machines offered on those marketplaces were internet-facing servers, compromised by hackers that took advantage of poor server security hardening, exploits or just password guessing, and subsequently offered them for sale,\u201d Barak explains.<\/p>\n<p>Platforms like Tor and Telegram help cybercriminals remain anonymous, and their transactions are often paid with hard-to-trace cryptocurrencies.<\/p>\n<p>\u201cRansomware existed long before the likes of Bitcoin or Monero,\u201d notes Peter Mackenzie, global malware escalations manager at SophosLabs, which this year studied the SamSam ransomware attacks, resulting in the revelation that $6 million had been paid by 240 victims since late 2015 after examining Bitcoin addresses supplied on ransom notes and sample files.<\/p>\n<div class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com\/wp-content\/uploads\/sites\/4\/2019\/01\/petermackenzie-copy.jpg\" alt=\"\" class=\"wp-image-92480\" srcset=\"https:\/\/3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com\/wp-content\/uploads\/sites\/4\/2019\/01\/petermackenzie-copy.jpg 288w, https:\/\/3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com\/wp-content\/uploads\/sites\/4\/2019\/01\/petermackenzie-copy-225x300.jpg 225w, https:\/\/3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com\/wp-content\/uploads\/sites\/4\/2019\/01\/petermackenzie-copy-117x156.jpg 117w, https:\/\/3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com\/wp-content\/uploads\/sites\/4\/2019\/01\/petermackenzie-copy-234x312.jpg 234w\" sizes=\"(max-width: 288px) 100vw, 288px\"\/><br \/><strong>Peter Mackenzie, global malware escalations<br \/>manager at SophosLabs.<\/strong><\/div>\n<p>Some SamSam attacks originated from the aforementioned xDedic marketplace, where criminals advertise stolen credentials and access to networks via hacked RDP (remote desktop protocol) accounts.<\/p>\n<p>Such assaults are getting less successful. SamSam had been taking in an average of $300,000 each month in 2018, but in September only three victims paid ransoms, reports Mackenzie, resulting in the total that month being roughly $115,000, the attackers\u2019 lowest for a long time.<\/p>\n<p>Similarly, some ransom seekers are less talented than others, as Sophos detected many \u201camateur mistakes\u201d ranging from simple typos to coding errors, preventing an attack from working correctly.<\/p>\n<p>\u201cIt paints a picture of people who were new to the world of ransomware when they started,\u201d Mackenzie says.<\/p>\n<p>In an effort to better understand these adversaries, Cybereason recently erected a honeypot that quickly was purchased on a dark web forum.<\/p>\n<p>\u201cThe most surprising thing was the speed and specificity with which our asset was sold,\u201d pointed out Rustici. \u201cThe actor who compromised the network originally flipped [the honeypot] in a very short amount of time and the buyers were specifically looking for a network they could ransom,\u201d he adds.<\/p>\n<p>Most likely the honeypot purchaser surmised it was being set up and decided to scrap its nefarious plot.<\/p>\n<p>Any time law enforcement may have caught the \u201cbad guys\u201d with their pants down this time, it will be that much harder to do in the future, points out Milligan.<\/p>\n<p>\u201cFrom the cybercriminals\u2019 perspective, it was two steps back and one step forward, meaning they had gotten complacent thinking law enforcement wasn\u2019t smart enough to catch them and there would never be enough international cooperation to bring them to justice,\u201d he said, summing up cybersecurity\u2019s whackamole nature in the wake of recent takedowns.<\/p>\n<p>\u201c[The opposition] took a significant hit, but now their eyes are open, and they are adjusting. They might have gotten exposed a bit, but they are now back on the alert and being extra careful, discussing the juiciest details of their activities in private, encrypted chat sessions and perhaps other mechanisms we haven\u2019t even discovered yet.\u201d<\/p>\n<p class=\"print-issue\"><a href=\"https:\/\/www.scmagazine.com\/print-issue\/february-2019\/\">From the February 2019 Issue of SC Media<\/a><\/p>\n<\/div>\n<section class=\"post-tags\">\n<h2>Topics:<\/h2>\n<p><a href=\"https:\/\/www.scmagazine.com\/tag\/cybercrime\/\" class=\"button -secondary\">Cybercrime<\/a> <a href=\"https:\/\/www.scmagazine.com\/tag\/feature\/\" class=\"button -secondary\">Feature<\/a><\/section>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29776\/Bullish-On-Cybercrime.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":24858,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[3012],"class_list":["post-24857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinecybercrimefraud"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-01T16:21:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"288\" \/>\n\t<meta property=\"og:image:height\" content=\"384\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Bullish On Cybercrime\",\"datePublished\":\"2019-02-01T16:21:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/\"},\"wordCount\":1673,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/bullish-on-cybercrime.jpg\",\"keywords\":[\"headline,cybercrime,fraud\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/\",\"name\":\"Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/bullish-on-cybercrime.jpg\",\"datePublished\":\"2019-02-01T16:21:54+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/bullish-on-cybercrime.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/bullish-on-cybercrime.jpg\",\"width\":288,\"height\":384},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bullish-on-cybercrime\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,cybercrime,fraud\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinecybercrimefraud\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Bullish On Cybercrime\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/","og_locale":"en_US","og_type":"article","og_title":"Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-02-01T16:21:54+00:00","og_image":[{"width":288,"height":384,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Bullish On Cybercrime","datePublished":"2019-02-01T16:21:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/"},"wordCount":1673,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg","keywords":["headline,cybercrime,fraud"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/","url":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/","name":"Bullish On Cybercrime 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg","datePublished":"2019-02-01T16:21:54+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/bullish-on-cybercrime.jpg","width":288,"height":384},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/bullish-on-cybercrime\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,cybercrime,fraud","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinecybercrimefraud\/"},{"@type":"ListItem","position":3,"name":"Bullish On Cybercrime"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/24857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=24857"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/24857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/24858"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=24857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=24857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=24857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}