Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Dark Web. Show all posts
User Privacy
Cyber Security Dark Web threat report Travel Agencies User Privacy

Trustwave Reveals Dark Web Travel Agencies' Secrets

 

Within the underground economy, dark web travel agencies have become one of the more sophisticated and profitable businesses. 

According to the Wall Street Journal's report on Trustwave's findings, these shady companies use credit card fraud, compromised loyalty program accounts, and fake identification documents to provide drastically reduced airfare, upscale hotel stays, rental cars, and full vacation packages. However, what some may consider to be inexpensive vacation packages are actually the last in a series of cybercrimes.

One of their main advantages is their flexibility; as soon as one channel is closed, another one opens up, often with better strategies and more extensive service offerings. The core of the issue is a robust, decentralised underground economy that views fraudulent travel as just another way to make money, rather than any one platform or provider. 

Credential theft campaigns, automation, and the development of AI tools only increase the accessibility and scalability of these services. Dark web travel firms will persist as long as there is a need for big travel bargains with no questions asked and as long as data breaches continue to generate profits. 

Potential red flags in the system 

For airlines, hotels, car rental services, and booking platforms, the symptoms of fraud perpetrated by dark web travel companies are often subtle at first, but if ignored, these indicators can swiftly develop into financial losses, reputation harm, and increased fraud risk exposure. Recognising early symptoms of carded bookings is critical for any organisation involved in the travel industry. 

One of the most prevalent red flags is a high-value or international booking made under a newly formed account, especially if it's linked with last-minute travel or same-day check-in. These are traditional methods to shorten the time frame for detecting or reversing fraud. 

  • Mismatched information is another crucial indicator. This includes discrepancies between the ID shown at check-in, the credit card name, and the booking name. In situations involving hotels and rental cars, a visitor may act evasively when asked for confirmation, appear unfamiliar with the booking details, or refuse to provide further proof. 
  • Loyalty-based bookings may show high or unexpected point redemptions, particularly from dormant accounts or those accessed from foreign IP addresses. Fraudsters frequently abuse these apps using previously compromised login credentials or phishing efforts. 
  • Finally, be wary of repeat bookings with similar names or patterns that come from different accounts. This could imply organised abuse, in which a dark web agency operates primarily through a specific travel platform or API.

Safety tips 

  • Monitor the Dark Web and Telegram Channels for Brand Abuse: Invest in threat intelligence tools or collaborate with cybersecurity firms that can detect unauthorised mentions of your company on underground forums, marketplaces, and encrypted messaging platforms.
  • Improve loyalty program security: Add MFA, transaction alerts, and geofencing to your loyalty accounts. These programs are commonly targeted since they make it easy to monetise miles and points for bookings. 
  • Review API Access and Third-Party Integrations: Dark web retailers frequently exploit flaws in booking APIs or third-party aggregators. Regularly check these systems for abuse patterns, access controls, and rate-limiting enforcement.
Read more »
Ransomware
AI Cyber Security Dark Web Extortion Internet Ransomware

Investigation Reveals Employee Secretly Helped in Extortion Payments

Investigation Reveals Employee Secretly Helped in Extortion Payments

Employee helped in ransomware operations

Federal agents are investigating allegations that a former employee of a Chicago-based firm, DigitalMint, which specializes in cryptocurrency payments and ransomware negotiations, may have profited by collaborating with hackers in extortion cases. Founded in 2014, DigitalMint operates under the name Red Leaf Chicago and is recognized for securing cryptocurrency payments for companies that face ransomware threats. 

About DigitalMint

DigitalMint has taken over 2,000 ransomware cases since 2017, offering services like direct negotiations with hackers and incident response. The clients range from small firms to Fortune 500 companies. 

DigitalMint President Marc Jason told partner firms that the US Department of Justice (DoJ) is investigating the allegations. The employee (identity unknown) was sacked soon after the scam was found. According to Bloomberg, Grens said, “As soon as we were able, we began communicating the facts to affected stakeholders.” 

About the investigation

DigitalMint is currently working with the DoJ, and it clarified that the company is not the target of investigation. Grens did not provide more details as the investigation is ongoing. The DoJ declined to offer any comments. 

The incident has led a few firms to warn clients against dealing with DigitalMint, concerned about the dangers involved in ransomware deals. Ransomware attacks can compromise systems, leak sensitive information, and encrypt data. The ransom demands sometimes go upto millions of dollars, worldwide, the extortion attacks cost billions of dollars every year.

Is ransomware negotiation worth it?

The controversy has also raised questions about conflicts of interest in the ransomware negotiation industry. According to James Talientoo, chief executive of the cyber intelligence services company AFTRDRK, “A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple.”

Security experts cautioned that paying ransom is a dangerous effort, even when done by expert ransom negotiation firms. A payment helps in furthering the operations of ransomware gangs, and sometimes it can also lead to further attacks.

Read more »
Windows
Dark Web Dire Wolf Ghost LockBit malware Ransomware Windows

Dire Wolf Gang Hits Tech and Manufacturing Sectors, Targets 11 Countries


New Group Dire Wolf Attacks

A new group, known as “Dire Wolf”, launched last month, has targeted 16 organizations worldwide, primarily in the manufacturing and technology sectors. The group deploys a double extortion technique for ransom and uses custom encryptors made for particular targets. Trustwave SpiderLabs experts recently found a ransomware sample from the Dire Wolf group and learned about its operations. 

The targets were from 11 countries, and Thailand and the US reported the highest number of incidents. At the time of this story, the Dire Wolf had scheduled to post leaked data of 5 out of 16 victims on its website due to not paying ransoms. 

"During investigation, we observed that the threat actors initially publish sample data and a list of exfiltrated files, then give the victims around one month to pay before releasing all the stolen data," said Trustwave Spiderlabs. The ransom demand from one of the victims was approximately $500,000,” it added.

A deep dive into the incident

The experts studied a Dire Wolf ransomware sample, which contained UPX- a common technique used by hackers to hide malware and restrict static analysis. 

Upon unpacking, the experts discovered that the binary was in Golang, a language that makes it difficult for antivirus software to find the malware written in it. After execution, the ransomware checks for the encryption and presence of the mutex "Global\direwolfAppMutex" in the system to ensure a single operation runs at a time. If any condition is met, the ransomware removes itself and ends the execution.

If the condition is not met, the ransomware disables event logging and ends specific processes that can stop its completion.  One such function is designed to “continuously disable Windows system logging by terminating the 'eventlog' process … by executing a Powershell command," experts said. It also stops apps and services, and executes a series of Windows commands to stop system recovery options. 

How to stay safe

Dire Wolf reminds us that new threat actors are always emerging, even when infamous gangs such as LockBit and Ghost are disrupted. Organizations are advised to follow robust security measures, securing endpoints to stop initial access and also patch flaws in the systems to avoid exploits.

Read more »
Online Security
Cyber Scammers Cyber Security Dark Web Dark web malware Dark web marketplace Dark Web Monitoring Illegal Sites Malwares Online Security

Why Exploring the Dark Web Can Lead to Legal Trouble, Malware, and Emotional Harm

 

Venturing into the dark web may seem intriguing to some, but even well-intentioned users are exposed to significant risks. While many people associate the dark web with illegal activity, they may not realize that just browsing these hidden spaces can lead to serious consequences, both legal and emotional. Unlike the regulated surface web, the dark web operates with little to no oversight, which makes stumbling across disturbing or illicit content dangerously easy.

A simple click on an unfamiliar link can redirect users to graphic or illegal material. This content is not always clearly labeled, and visitors may not realize what they’re seeing until it’s too late. In several jurisdictions, merely viewing certain types of content—whether or not you meant to—can have legal repercussions. Users may also experience lasting psychological impact after encountering explicit or violent media. Reports of anxiety, stress, and trauma are not uncommon, even among casual users who were simply exploring out of curiosity.  

Malware, spyware, and keyloggers are often disguised as legitimate downloads or hidden in popular tools. Many websites host dangerous files designed to infect your device as soon as they are opened. Even privacy-focused platforms like Tor can’t fully shield users from malicious code or phishing attempts, especially when browsers are misconfigured or when users interact with suspicious content. 

Technical errors—like enabling JavaScript, resizing your browser window, or leaking DNS requests—can also expose your identity, even if you’re using encrypted tools. Cybersecurity professionals warn that mistakes like these are common and can be exploited by attackers or even government agencies. Law enforcement agencies actively monitor known dark web nodes and can use advanced techniques to track user behavior, collect metadata, and build profiles for surveillance. 

Additionally, scammers thrive in the anonymous environment of the dark web. Fake login portals, spoofed forums, and crypto wallet traps are rampant. And if you’re scammed, there’s little you can do—there are no refund options or customer service teams to help you recover lost funds or data. 

The dark web is often underestimated, constant exposure to unsettling content and the need to stay hyper-aware of threats can wear down a person’s sense of safety and trust. In many cases, the psychological damage can linger far longer than the browsing session itself. 

In short, exploring the dark web without a thorough understanding of the dangers can backfire. It’s a space where curiosity offers no protection, and the consequences—ranging from infections and identity loss to legal charges and emotional distress—can affect even the most cautious users.
Read more »
TrickBot
Conti Cyber Crime Dark Web FBI ID Leak Internet Ransomware TrickBot

Mysterious Entity ExposedGang Exposes Cyber Criminals


An anonymous leaker is exposing the identities of the world’s most wanted cybercriminals. 

Recently, a mysterious leaker exposed leaders behind Trickbot and Conti ransomware, hacking groups that are known for some of the biggest extortions in recent times. 

Recently, The Register contacted an anonymous individual known by the alias GangExposed, who is on a personal mission to “fight against an organized society of criminals known worldwide”. GangExposed takes pleasure in thinking he can rid society of at least some of the cybercriminals. "I simply enjoy solving the most complex cases,” he said. 

Stern doxxed

One of the criminals doxxed is Stern, the mastermind of Conti ransomware operations and TrickBot. GangExposed claims Stern is Vitaly Nikolaevich, CySecurity reported about this case recently.

After the doxxing of Stern, GangExposed went after another important criminal, AKA professor, who is a 39-year-old Russian called Vladimir Viktorovich Kvitko. He is living in Dubai. Apart from exposing important individuals, GangExposed also leaked videos, ransom negotiations, and chat logs. 

About GangExposed

The leaker said it was not an “IT guy,” it just observed patterns that other people missed. 

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," the leaker said. 

"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than most of my investigations' subjects."

Leaked bought info to expose IDs

To expose the IDs of infamous threat actors, GangExposed used information received via “semi-closed databases, darknet services,” and through purchases. It has “access to the leaked FSB border control database.” GangExposed claims it purchased the database from the dark web for $250,000. 

GangExposed could have gotten at least $10 million in bounty from the FBI if it wanted to, but it has decided not to demand money.  This suggests the leakers may be resentful of former members looking for revenge, while some experts think taking the bounty would make them criminal as well. 

CySecurity had earlier reported on this incident, you can read the full story about the international crackdown on cybercrime gangs here

Read more »
Operation Endgame
Anti Virus Dark Web FBI Internet malware Operation Endgame

Undercover Operation Shuts Down Website Helping Hackers Internationally


Hackers used AVCheck to see malware efficiency

International police action has shut down AVCheck, an anti-virus scanning website used by threat actors to check whether their malware was detected by mainstream antivirus before using it in the attacks. The official domain “avcheck.net” now shows a seizure banner with the logos of the U.S. Secret Service, the U.S. Department of Justice, the FBI, and the Dutch Police (Politie).  

The site was used globally by threat actors

According to the announcement, AVCheck was a famous counter antivirus (CAV) website globally that enabled hackers to check the efficiency of their malware. Politie’s Matthijs Jaspers said, “Taking the AVCheck service offline marks an important step in tackling organized cybercrime." With the collaborative effort, the agencies have disrupted the “cybercriminals as early as possible in their operations and prevent victims." 

The officials also discovered evidence linking AVCheck’s administrators to encrypting services Cryptor.biz  (seized) and Crypt.guru (currently offline). Crypting services allow threat actors to hide their payloads from antivirus, blending them in the ecosystem. Hackers also use a crypting service to hide their malware, check it on AVCheck or other CAV services to see if is detected, and finally launch it against their targets. 

Details about the operation

Before the shutdown of AVCheck, the police made a fake login page warning users of the legal risks when they log in to such sites. The FBI said that “cybercriminals don't just create malware; they perfect it for maximum destruction.” Special Agent Douglas Williams said threat actors leverage antivirus services to “refine their weapons against the world's toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims' systems."

Operation Endgame

The undercover agents exposed the illegal nature of AVCheck and its links to ransomware attacks against the U.S. by purchasing these services as clients. According to the U.S. DoJ, in the “affidavit filed in support of these seizures, authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime.”

The crackdown was part of Operation Endgame, a joint international law enforcement action that captured 300 servers and 650 domains used in assisting ransomware attacks. Earlier, the operation cracked down on the infamous Danabot and Smokeloader malware operations.

Read more »
operation raptor
Cyber Crime Dark Web Drug Trafficking FBI operation raptor

FBI Cracks Down on Dark Web Drug Dealers

 


A major criminal network operating on the dark web has been disrupted in a large international operation led by the FBI. Over 270 individuals have been arrested for their involvement in the online trade of dangerous illegal drugs such as fentanyl, meth, and cocaine. This operation involved law enforcement teams from the United States, Europe, South America, and Asia.


What is the dark web?

The dark web is a hidden part of the internet that isn’t available through standard search engines or browsers. It requires special tools to access and is often used to hide users’ identities. While it can offer privacy to those in danger or under surveillance, it is also known for being a place where criminals carry out illegal activities — from drug dealing to selling stolen data and weapons.


What was Operation RapTor?

The FBI’s mission, called Operation RapTor, focused on stopping the sale of illegal drugs through online black markets. Authorities arrested hundreds of people connected to these sites — not just the sellers, but also the buyers, website managers, and people who handled the money.

One of the most alarming parts of this case was the amount of fentanyl recovered. Authorities seized more than 317 pounds of it. According to FBI estimates, just 2 pounds of fentanyl could potentially kill about 500,000 people. This shows how serious the danger was.


Why this matters

These drug sellers operated from behind screens, often believing they were untouchable because of the privacy the dark web provides. But investigators were able to find out who they were and stop them from doing more harm. According to FBI leaders, these criminals contributed to drug addiction and violence in many communities across the country.

Aaron Pinder, a key official in the FBI’s cybercrime unit, said the agency has improved at identifying people hiding behind dark web marketplaces. Whether someone is managing the site, selling drugs, moving money, or simply buying drugs, the FBI is now better equipped to track them down.


What’s next?

While this operation won’t shut down the dark web completely, it will definitely make a difference. Removing major players from the drug trade can slow down their operations and make it harder for others to take their place — at least for now.

This is a strong reminder that the dark web, no matter how hidden, is not out of reach for law enforcement. And efforts like these could help save many lives by cutting off the supply of deadly drugs.

Read more »
FBI. Cyberespionage
Cyber Security CyberCrime cybercrime awareness Dark Web Dark web marketplace Dark Web Monitoring FBI FBI. Cyberespionage

FBI Busts 270 in Operation RapTor to Disrupt Dark Web Drug Trade

 

Efforts to dismantle the criminal networks operating on the dark web are always welcome, especially when those networks serve as hubs for stolen credentials, ransomware brokers, and cybercrime gangs. However, the dangers extend far beyond digital crime. A substantial portion of the dark web also facilitates the illicit drug trade, involving some of the most lethal substances available, including fentanyl, cocaine, and methamphetamine. In a major international crackdown, the FBI led an operation targeting top-tier drug vendors on the dark web. 

The coordinated effort, known as Operation RapTor, resulted in 270 arrests worldwide, disrupting a network responsible for trafficking deadly narcotics. The operation spanned the U.S., Europe, South America, and Asia, and confiscated over 317 pounds of fentanyl—a quantity with the potential to cause mass fatalities, given that just 2 pounds of fentanyl can be lethal to hundreds of thousands of people. While the dark web does provide a secure communication channel for those living under oppressive regimes or at risk, it also harbors some of the most heinous activities on the internet. 

From illegal arms and drug sales to human trafficking and the distribution of stolen data, this hidden layer of the web has become a haven for high-level criminal enterprises. Despite the anonymity tools used to access it, such as Tor browsers and encryption layers, law enforcement agencies have made significant strides in infiltrating these underground markets. According to FBI Director Kash Patel, many of the individuals arrested believed they were untouchable due to the secrecy of their operations. “These traffickers hid behind technology, fueling both the fentanyl epidemic and associated violence in our communities. But that ends now,” he stated. 

Aaron Pinder, unit chief of the FBI’s Joint Criminal Opioid and Darknet Enforcement team, emphasized the agency’s growing expertise in unmasking those behind darknet marketplaces. Whether an individual’s role was that of a buyer, vendor, administrator, or money launderer, authorities are now better equipped than ever to identify and apprehend them. Although this operation will not completely eliminate the drug trade on the dark web, it marks a significant disruption of its infrastructure. 

Taking down major players and administrators sends a powerful message and temporarily slows down illegal operations—offering at least some relief in the fight against drug-related cybercrime.
Read more »
Subscribe to: Posts (Atom)