The U.S. Justice Department announced the coordinated seizure of 39 internet domains and related servers that formed a Pakistan-based network of online marketplaces selling hacking and fraud-enabling tools. The network was operated by an individual known as Saim Raza, also called HeartSender.
According to court filings, this network had operated since at least 2020 and supplied phishing toolkits and other malicious software to transnational organized crime groups. The crime groups used them to target numerous victims in the United States and caused more than $3 million in losses.
The seized websites functioned as marketplaces for tools such as phishing kits, scam web pages, and email extractors. These tools helped cybercriminals build and maintain schemes including business email compromise attacks, in which victim companies were deceived into sending payments to accounts controlled by the perpetrators.
These tools were used to harvest user credentials and conduct additional fraud. They were marketed as fully undetectable by antispam software. Operators also provided training by linking to online instructional videos explaining how to use the tools against victims, lowering the technical barrier for would-be offenders.
The seizures are intended to halt the immediate use of the domains and impede the distribution of the hacking tools they hosted. Seizures will disrupt the broader cybercrime system that relied on those services, while investigations and related enforcement actions against associated actors continue.
Source: https://www.justice.gov/opa/pr/justice-department-announces-seizure-cybercrime-websites-selling-hacking-tools-transnational
Commentary
As the above matter describes, cybercrime has become a service business.
On dark web markets and other underground forums, criminals can now buy or rent ready-made malware, phishing kits, botnets, and access to compromised systems much like they would purchase legitimate software subscriptions.
Malware-as-a-Service, Ransomware-as-a-Service, and broader "crimeware-as-a-service" offerings provide user-friendly dashboards, technical support, and even updates. These services allow relatively unskilled offenders to launch sophisticated attacks for a modest fee.
In the above matter, law enforcement disrupted the HeartSender network, which sold phishing and fraud tools through dozens of domains. The network helped fuel business email compromise schemes causing millions of dollars in losses, but similar marketplaces continue to emerge.
Because these criminal tools are cheap, scalable, and constantly available, organizations of every size face a higher volume of attacks and more rapid weaponization of new vulnerabilities.
Traditional perimeter defenses and occasional awareness campaigns are no longer sufficient when criminals can assemble full attack chains from commercialized malware and pair them with convincing phishing and social-engineering content.
To reduce loss, organizations need to treat cybercrime as a persistent, industrialized threat. Maintain patched and monitored environments; enforce strong access controls and multifactor authentication; and segment critical systems.
Review anomalous activity, and rehearse incident response so that the organization's operations and data can be recovered quickly when attacks occur.
Limit human error by providing more training not only on malware, but also on phishing and other online crimes.


