Cybersecurity researchers at Trellix are countering the glamorization of cybercriminals by publishing "Dark Web Roasts" that use mockery and memes to undermine the perceived status of threat actors.

Key Points

• Trellix VP John Fokker launched the initiative to demystify cybercriminals, arguing they are ordinary individuals rather than invincible, mythical entities.
• The "Dark Web Roast" blog series uses humor and satire to highlight criminal incompetence, such as ransomware gangs inflating stats or hackers undervaluing stolen data.
• Law enforcement agencies, including the UK's National Crime Agency, have adopted similar tactics by trolling groups like LockBit to fracture trust within criminal networks.
• Intelligence gathered during operations like the Rhadamanthys infostealer takedown is used to expose internal corruption, such as administrators stealing from their own criminal partners.
• These efforts aim to disrupt the cybercrime business model by creating paranoia and distrust among affiliates, developers, and initial access brokers.

Why it Matters

By shifting the narrative from fear to ridicule, security firms and law enforcement hope to destabilize the collaborative nature of the cybercriminal underground. This psychological approach aims to break the trust necessary for these groups to function, ultimately making it harder for them to operate effectively.