Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Darknet. Show all posts
Privacy Breach
Boulanger Cyberhackers Cybersecurity Darknet Data Breach Data Leak data threat Privacy Breach

Millions Affected by Suspected Data Leak at Major Electronics Chain

 


Cybersecurity experts and users alike are worried about a recent report that the hacking group ShinyHunters is offering more stolen data on the darknet marketplace in a concerning development. It has been reported that the group is attempting to sell four additional datasets following the sale of three large databases of compromised user information last week. Boulanger Electroménager & Multimédia, a long-established French retailer specialising in household appliances and multimedia products, has attempted to sell four additional databases. 

Since its establishment in 1954, Boulanger has operated a nationwide network of physical stores in addition to delivering goods across the country. As well as offering digital retail channels, the company offers a mobile application that has been downloaded more than one million times from both Google Play store and Apple's App store, demonstrating its broad consumer reach and ability to engage consumers digitally. 

Upon discovering the compromised data related to Boulanger through a forum post located on the open internet, cybersecurity researchers concluded that the breach was a consequence of cybercrime. The platform on which this message board is located is a well-known platform that distributes a wide variety of digital content, such as leaked databases, cracked software, and other illicit materials. 

Since the stolen information is available on such an easily accessible and public site, there are serious concerns that the customer data could be exposed to the public domain and misused if it were to be misused. In this respect, this discovery highlights the challenges that companies face when it comes to data protection, especially in the retail sector, where both online and offline companies operate at a large scale. As a result of the alleged exposure of these platforms, there are serious concerns raised about the privacy of users and the security measures that are in place at these companies. 

The exact nature and extent of the compromised information have not yet been publicly confirmed by all the affected organisations, but early reports suggest that this information could include email addresses, hashed passwords, as well as other personal information. Security researchers and organisations affected by the breaches continue to assess the full scope of the breaches, as the situation continues to unfold. Cyble made its disclosure to keep tabs on cybercrime forums and darknet marketplaces, where stolen data can often be bought and sold. 

A team of security researchers at Safety Detectives has confirmed the presence of sensitive customer information that was stolen from a French electronics retailer in 2024 and is currently available online for free distribution. By analysing some samples of the exposed data, researchers were able to verify its validity and trace its origins to Boulanger Electroménager & Multimédia, a well-established French retailer established in 1954. In addition to offering an extensive selection of household appliances and multimedia products through both physical stores as well as through its online platform, Boulanger also provides a variety of electronic products. 

There is a report that Safety Detectives discovered that leaked information was found in a public forum thread on Clearweb, where a user had posted two download links to the compromised database that contained the leaked information. One link was able to provide access to a 16GB unparsed dataset contained in a 16GB JSON file that was reportedly containing more than 27 million records. Using the second link, one could access a parsed version.SV file of around 500MB in size, which contained a subset of five million records contained in a subset. 

In both datasets, sensitive customer information appears, but the full scope and specific nature of the information exposed have not yet been disclosed, although it is believed they contain sensitive customer information. According to reports, Boulanger was targeted by a coordinated ransomware attack in September 2024 that affected several French retailers, including Truffaut and Cultura, as well as several well-known French brands.  It was the cyber threat actor known as Horrormar44 who claimed responsibility for the breach. 

At the time, the stolen data had been listed for sale on a separate, clear web forum, which is no longer available, for €2,000 as a price. It is unclear whether any transactions have successfully taken place, although there were some indications that potential buyers were interested. In recent times, the compromised data has resurfaced and is now being offered for free on another publicly accessible site. 

A careful analysis of the data revealed that there were just over a million unique customer records within the cleaned version of the dataset with a few instances of duplicate records. This number, which is significantly lower than the five million claimed by the original author of the post, suggests that the original listing may have been either exaggerated or inflated. 

There are still over a million verified customer entries in the system, which is still a significant data exposure incident, and it raises serious concerns about how retailers will handle and protect personal data over the long term. As a result of the fact that a significant amount of verified individual data is currently being circulated openly online, there has been an increasing concern about data security in the retail industry. 

Both the parsed as well as the raw versions of the data are available online, which implies that there was a deliberate intent to make the stolen information accessible to those who may misuse it. There are still investigations going on, and cybersecurity experts are calling upon affected individuals and organizations to take immediate precautions. As far as the hacking group ShinyHunters is concerned, it remains unclear whether they are directly responsible for the initial breaches, but they have been actively brokering the sale of multiple stolen databases. 

The cybersecurity firm ZeroFox has recently published a report that reveals ShinyHunters have been linked to a high-profile data breach that has affected Tokopedia, a major Indonesian e-commerce platform, with the claim that approximately 15 million users' records have been compromised. In addition to this, there has been some press coverage that indicates that this group has allegedly taken over 500 gigabytes of private Microsoft GitHub repositories to steal data. There is still a considerable amount of investigation to be conducted on this alleged breach, but a Microsoft spokesperson confirmed to Information Security Media Group that the company is aware of the claim and will be investigating it immediately. 

A number of large databases have been sold on darknet forums by ShinyHunters, an organization associated with this group. There is a database that costs $2,500, and is reportedly made up of around 8 million user records allegedly sourced from HomeChef, a meal delivery service. The dataset includes information that can be used to identify a user, including phone numbers, zip codes, email addresses, IP addresses, and passwords hashed using the Bcrypt algorithm, among other things. 

Additionally, it contains entries that include the last four digits of the Social Security numbers for users. A sample of this information can be found on a darknet marketplace by searching for the name "First Stage: HomeChef [8M]" One more database that is listed for $2,500 is said to contain 15 million records, allegedly the result of a breach of Chatbooks, which is a platform for creating photo books. Among the items in the dataset are email addresses, social media access tokens, passwords hashed using the SHA-512 algorithm, as well as other personally identifiable information. 

ShinyHunters is also promoting the purchase of a third database allegedly containing 3 million records that were allegedly sourced from an incident at The Chronicle of Higher Education. Despite the fact that ZeroFox does not know what type of data is included in this set, which is priced at $1,500, there has been no mention of sample or specifics.

In light of these ongoing sales, ShinyHunters demonstrates the magnitude and sophistication of data trafficking operations connected to ShinyHunters and reinforces the urgent need for stronger security measures, especially among high-profile organisations and digital platforms. Leaked user data linked to ShinyHunters and similar threat actors is becoming increasingly available and more accessible, which is indicative of the troubling escalation of cybersecurity threats worldwide. 

There are many risks associated with the open sale of sensitive information, even free sharing of sensitive data on both the darknet and clearweb platforms. As a result, the risks to individuals and organisations have increased in recent years. Cyber threats are no longer just a threat to the corporate world; they affect every industry and location equally. The security professionals in the industry suggest that businesses prioritise proactive defence strategies, such as data encryption, continuous security audits, employee training, and protocols for responding to breaches as soon as possible. 

A consumer's vigilance is equally important, as is regularly updating their passwords, activating multi-factor authentication, and monitoring their identities for signs of identity misuse. In an increasingly vulnerable digital environment, this is the most important protection. It is becoming increasingly apparent that investigations will continue into these incidents, underscoring the urgent need for a coordinated, resilient and national approach to data security.
Read more »
TOR
anonymization Browser Cyber Security Darknet Encryption Network Online Privacy Security servers TOR

Exploring the Tor Network: A Comprehensive Look at Online Anonymity and Privacy

 

The Tor network, originally developed in the early 2000s by the U.S. Naval Research Laboratory, has been operated since 2006 by the independent non-profit organization, The Tor Project. The project's primary goal is to offer a free method for anonymizing internet traffic. Approximately 85% of The Tor Project’s funding comes from U.S. government entities, while the remaining 15% is sourced from private donations and NGOs.

Tor, which stands for "The Onion Router," functions by routing a user's connection through three randomly selected servers (nodes), layering encryption like the layers of an onion. The destination site only detects the IP address of the final node, called the exit server, masking the user's original address. The system refreshes the connection route every 10 minutes, though the access node remains stable for two to three months.

Data transferred within the Tor network is encrypted until it reaches the exit server. However, users must still encrypt any sensitive information entered on websites, as data exiting the network can be read if it's not further encrypted. To access Tor, users need a specialized browser—like the Tor browser, based on Mozilla Firefox and configured for secure browsing.

With about 6,500 servers currently active worldwide, individuals, companies, and organizations operate these nodes. Any internet user with a DSL connection can set up a Tor node. However, the network's openness can be a vulnerability; if an exit node operator is not vigilant, unencrypted data can be intercepted. Additionally, sophisticated entities, such as intelligence agencies, could potentially track Tor users by analyzing traffic patterns or compromising nodes.

Despite these risks, Tor remains the most secure method of maintaining anonymity online. Around two million people, particularly those in heavily monitored states, use the Tor network daily. The darknet, a collection of hidden websites, also depends on Tor's anonymization for access.
Read more »
NTA
Cyber Crime cyber threat Darknet Exam Scam India NTA

NTA Faces Exam Security Crisis Amid Darknet Threats

 

The National Testing Agency (NTA) in India is in the midst of a serious crisis, with its staff worried about the safety of any exam due to claims that the NTA's website was hacked. 

Following the cancellation of the UGC-NET due to claimed cyberthreats, an NTA officer has come forward, suggesting further risks to examinations.

According to the local media outlet, a senior NTA official stated that the testing organization's IT and administrative staff are concerned that re-conducting the examinations will be impossible owing to "terrorist organisations" getting into the NTA's security systems via the dark web to expose the chinks this year. 

Earlier this week, the Bihar Police asked for data about six candidates, including their roll numbers. Two of the roll numbers do not exist, and the names of the remaining two candidates do not match. There are other discrepancies, including the timing of the seizures, which took place after the exam, when all of the question papers had already been made public, the official added.

He also stated that simply looking at exam models would not be sufficient, saying that the computer-based ITEP exam had to be cancelled since each file of the examination was 5 GB and had to be downloaded at the allocated centres, and that some applicants received false question papers. 

What's happened so far?

Earlier, the NTA published a statement, claiming that the NTA website and all of its other web portals are completely secure and that accusations of hacking were false and misleading. The clarification comes amid a debate over suspected irregularities in exams such as NEET-UG and UGC-NET.

The investigation into the irregularities in the medical entrance exam NEET-UG has also been handed over to CBI, followed by the assigning of the India Trade Promotion Organisation (ITPO) Chairman and Managing Director Pradeep Singh Kharola as the additional charge of the NTA.

A high-level seven-member team, led by a former ISRO chairman Dr K Radhakrishnan, has been constituted to investigate the functioning and fair conduct of exams by the NTA, and will give its report in two months, the Centre revealed on June 22.
Read more »
malware
Credential Darknet Data Theft Kaspersky malware

Rise In Cybercrime: Dark Web Fueling Credential Attacks

 


In an unsettling situation, cybercriminals are increasingly turning to credential theft as a lucrative business, aided by the rise of infostealer malware attacks. Over the past three years, these threat actors have capitalised on the opportunity, compromising millions of personal and corporate devices globally.

The Rise of Infostealer Malware

According to cybersecurity experts at Kaspersky, infostealer malware attacks have surged sevenfold in recent years, with over 10 million devices compromised in 2022 alone. These sophisticated attacks enable hackers to silently collect login credentials and sensitive data from devices, posing a significant cybersecurity threat.

The Lucrative Market for Stolen Credentials

The value of corporate credentials in the cybercrime market has soared, leading to a 643% increase in data theft attacks. Cybercriminals act as initial access brokers, stealing corporate credentials and selling them on dark web forums for substantial profits. Kaspersky researchers highlight various sales models, with prices starting at $10 per log file.

Emerging Dark Web Hubs

Darknet markets have become key enablers of cybercrime, facilitating the sale of stolen credentials and victim profiles to cybercriminal groups. Following the takedown of Genesis Market, new hubs like Kraken Market and DNM Aggregator have emerged, offering seamless payment options via crypto processors.

Regional Impact

Regions like the Asia-Pacific and Latin America have been particularly affected by credential stealing attacks, with millions of credentials stolen from countries like Brazil, India, Colombia, and Vietnam. In Australia, compromised credentials accounted for the majority of cybersecurity incidents, with compromised or stolen credentials implicated in 56% of all incidents.

The Role of Initial Access Brokers

The number of initial access brokers (IABs) operating worldwide has risen significantly, with the APAC region experiencing a particularly sharp increase. These brokers play a critical role in fueling cybercrime operations, selling access to corporate networks and facilitating activities like ransomware attacks.

Despite the perception of cyberattacks as complex operations, the reality is that many exploit the simplicity of credential vulnerabilities. According to the Cybersecurity and Infrastructure Security Agency (CISA), over half of government and critical infrastructure attacks leverage valid credentials, with stolen credentials implicated in 86% of breaches involving web-based platforms. Credential stuffing, a technique where attackers use stolen usernames and passwords on various websites, has become increasingly popular due to individuals' tendency to reuse login information for convenience. 

With cybercriminals exploiting vulnerabilities in corporate and personal networks, organisations and individuals must remain a step ahead to protect against this pervasive threat.




Read more »
Security Framework
Crypto Exchange Crypto heist Crypto Phishing Cryptocurrencies Cyber Security Darknet Financial Institution Law Enforcement Security Framework

India Strengthens Crypto Crime Vigilance with Dark Net Monitor Deployment

India has made a considerable effort to prevent crypto-related criminal activity by establishing a Dark Net monitor. This most recent development demonstrates the government's dedication to policing the cryptocurrency market and safeguarding individuals from potential risks.

India has made a considerable effort to prevent crypto-related criminal activity by putting in place a Dark Net monitor. This most recent development demonstrates the government's dedication to overseeing the cryptocurrency industry and safeguarding citizens from any potential risks.

Drug trafficking, cyberattacks, and financial crimes using cryptocurrency are just a few of the criminal activities that have long been the center of the Dark Net, a secret area of the internet. Indian officials hope to efficiently identify and stop these illegal activities by implementing a Dark Net monitor.

According to officials, this cutting-edge technology will provide critical insights into the operations of cybercriminals within the crypto space. By monitoring activities on the Dark Net, law enforcement agencies can gain intelligence on potential threats and take proactive measures to safeguard the interests of the public.

Sneha Deshmukh, a cybersecurity expert, commended this move, stating, "The deployment of a Dark Net monitor is a crucial step towards ensuring a secure and regulated crypto environment in India. It demonstrates the government's dedication to staying ahead of emerging threats in the digital landscape."

India's stance on cryptocurrencies has been closely watched by the global community. The government has expressed concerns about the potential misuse of digital currencies for illegal activities, money laundering, and tax evasion. The deployment of a Dark Net monitor aligns with India's broader strategy to strike a balance between innovation and regulation in the crypto space.

A spokesperson for the Ministry of Finance emphasized, "We recognize the transformative potential of blockchain technology and cryptocurrencies. However, it is imperative to establish a robust framework to prevent their misuse. The Dark Net monitor is a crucial tool in achieving this goal."

Experts believe that this move will bolster confidence among investors and industry stakeholders, signaling a proactive approach towards ensuring a secure crypto ecosystem. By leveraging advanced technology, India is poised to set a precedent for other nations grappling with similar challenges in the crypto space.

Initiatives like the deployment of the Dark Net monitor show India's commitment to staying at the forefront of regulatory innovation as the global crypto scene changes. This move is anticipated to be crucial in determining how cryptocurrencies will evolve in the nation and open the door for a more secure and safe digital financial ecosystem.

Read more »
VMware
Cyber Secuirty Cyber Security Darknet Double extortion Linux Ransomware Attacks. Russian Hacker VMware

ESXi , Linux, and Windows Systems at Risk From New Luna Ransomware

Luna is a brand-new ransomware family that was written in Rust, making it the third strain to do so after BlackCat and Hive, according to Kaspersky security researchers

The experts who examined the ransomware's command-line options believe that Luna is a reasonably straightforward ransomware program. 

Luna ransomware

This interesting encryption method combines x25519 with AES. The researchers discovered that the Linux and ESXi samples, which are compiled using the identical source code, differ only slightly from the Windows version.

Darknet forum advertisements for Luna imply that the ransomware is only meant to be used by affiliates who speak Russian. Due to spelling errors in the ransom note that are hard-coded into the malware, its main creators are also thought to be of Russian descent.

The Luna ransomware is also able to avoid automated static code analysis attempts by utilizing a cross-platform language.

"The source code used to compile the Windows version and the Linux and ESXi samples are identical. The remaining code is almost unchanged from the Windows version" the researchers added. Luna "confirms the trend for cross-platform ransomware," the researchers wrote, pointing out how hackers are able to target and strike at scale while avoiding static analysis, thanks to the platform flexibility of languages like Golang and Rust.

Nevertheless, considering that Luna is a recently identified criminal organization and its activities are still being constantly monitored, there is very little knowledge available regarding the victimology trends.

Black Basta

Researchers have also revealed information about the Black Basta ransomware group, which modified its software to target ESXi systems. By adding compatibility for VMware ESXi, various ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil, hope to increase their potential targets.

The double-extortion attack model is used by Black Basta, a ransomware operation that has been operational since April 2022.

Researchers from Kaspersky said that operators had introduced a new feature that relies on launching the computer in safe mode before encrypting data and imitating Windows Services in order to maintain persistence.

Black Basta can avoid detection from a variety of endpoint security solutions by starting Windows in safe mode.




Read more »
Versus
Criminal Darknet Cyber Security Darknet IP Address Server Versus

Darknet Market ‘Versus’ Shutting Down After Critical Exploit Leak

 

The Versus Market, one of the most prominent English-speaking criminal darknet marketplaces, is shutting down after a severe vulnerability was discovered that might have given access to its database and disclosed the IP addresses of its servers. 

Dark web markets must keep their physical assets secret when performing illicit operations online; otherwise, their operators risk being identified and arrested. The same is true for users and vendors who must stay anonymous while utilising these unlawful sites. Anything that undermines their faith in the platform to secure their information makes it exceedingly dangerous. Apparently, after discovering these flaws, the Versus operators opted to pull the plug themselves, considering it too unsafe to continue. Versus debuted three years ago and quickly gained traction in the hacking world, offering drugs, coin mixing, hacking services, stolen payment cards, and exfiltrated databases. 

Versus went offline to undertake a security assessment, as the website claims it has done twice previously, in response to concerns of serious problems or possibly real hacking. Users were concerned that the Versus was executing an exit scam, that the FBI had taken over the site and other common assumptions that follow these sudden moves. However, the platform's operators soon reappeared, announcing the closure of the marketplace. 

The following PGP-signed message was uploaded by a Versus staff member who is one of the major operators: "There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability. After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+-month-old copy of the database as well as a potential IP leak of a single server we used for less than 30 days. We take any and every vulnerability extremely seriously but we do think that it's important to contend with a number of the claims that were made about us."

"Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption) Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years." 

The letter concludes with a note to platform providers, pledging to post a link allowing them to make transactions without time constraints, permitting the return of escrow amounts. 

Versus was revealed for IP breaches in March 2020, and then in July 2020, a large Bitcoin theft from user wallets occurred. In all situations, the platform accepted responsibility for the errors and was extremely open about what occurred. Versus was able to grow and become a significant marketplace in terms of user numbers and transaction volumes as a result of this. 

However, the operators most likely recognised that the risk of exposure was too considerable to continue. It remains to be known if or not personnel of law enforcement has already exploited the current vulnerability in the next weeks/months.
Read more »
Profiles for sale
Bank Data Darknet Data Breach Data Leakage DLBI Location data location tracking Personal Data Personal Data Breach Profiles for sale

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.
Read more »
United States
Bitcoin Bitfinex Crypto Currency Cyber Crime Dark Web Darknet FBI United States

Russian Man and his Wife Arrested in U.S. for Stealing Record $4.5 billion in Bitcoins

Russian citizen Ilya Lichtenstein and his wife Heather Morgan were arrested in the United States on Tuesday. The U.S. Justice Department in a statement called them the largest Internet fraudsters in history. 

The spouses are suspected of hacking the Hong Kong cryptocurrency exchange Bitfinex in 2016 and withdrawing 120,000 bitcoins from its accounts, which is $4.5 billion at current prices. Intelligence agencies managed to confiscate $3.6 billion worth of bitcoins stored in the Russian's e-wallets. 

On Tuesday night, after the arraignment in the Court of the Southern District of New York, Magistrate Judge Debra Freeman decided to release the suspects on bail of $8 million for two. However, the spouses were unable to leave federal prison as the judge's decision was put on hold by Washington. 

According to the prosecution, the couple should remain in custody because "they are sophisticated cybercriminals and money launderers, and there is a serious risk of their escape." Prosecutors admit that the couple may have passports in other names. 

In particular, agents found a file named Passport_ideas on Liechtenstein's computer. And a plastic container with disposable phones was found under the bed in the apartment of the defendants. Under American law, Ilya Lichtenstein and Heather Morgan face up to 25 years in prison. 

A few years ago, 34-year-old Ilya Lichtenstein unsuccessfully tried to create a technology startup and become an investor. He came to the United States from Russia at the age of six, when his family was granted asylum for religious reasons. 

His wife, Heather Morgan, called herself an economist, a journalist, and a "Crocodile of Wall Street", was a freelance writer for Forbes magazine and even performed as a rapper under the name Razzltkhan. According to the New York Times, giant billboards with her image decorated Times Square. 

According to the investigation conducted by the FBI and the US Internal Revenue Service, Lichtenstein and Morgan hacked the Bitfinex protection system and made about 2 thousand illegal transactions, transferring funds from the accounts of the exchange's clients to their electronic wallet. 

In subsequent years, the suspects managed to launder about 25 thousand bitcoins through third-party exchanges and online services on the darknet. A new hearing on Lichtenstein and his wife's bail application will be held in Washington on February 11.
Read more »
Russian Hackers
Cyber Attacks Darknet Group-IB Ransomware REvil REvil Hacker group Russian Hackers

The Reaction of Russian Hackers to the Arrests of REvil Became Known


Russian hackers have made their own security issues a priority after the arrests of other cybercriminals, including from the REvil group. Dmitry Volkov, CEO, and founder of Group-IB spoke about this reaction of the darknet to the events taking place. "Security and anonymity have become priorities after the precedents with the shutdown of REvil servers, the arrests of members of the group, as well as the detention in Russia of criminals who helped to cash out the incomes of cybercriminals. Another catalyst for this was the release of the fight against ransomware to the state level,” Mr. Volkov said. 

At the same time, partner programs that distribute ransomware on the dark web have become more closed. Now only those who are personally acquainted with its organizer can take part in such a project. According to Group-IB analysts, all this is happening against the background of the consolidation of the darknet around ransomware and the groups involved in it. 

"The entire criminal underground unites around ransomware. Everyone found a job: both those who sell access to hacked companies, those who attack them, and those who negotiate for ransom or post stolen data on the darknet. New groups will constantly appear in this market, reassembled from previous associations," Mr. Volkov is sure. 

According to Group-IB, the main list of victims at the country level, as well as the industry preferences of hackers remained unchanged. Globally, almost half of ransomware attacks are in the US (49.2 percent in 2021). Canada (5.6 percent) and France (5.2 percent) followed closely behind. Manufacturing enterprises are most often attacked (9.6 percent of attacks), the real estate sector (9.5 percent), and the transport industry (8.2 percent). 

"This became apparent after the ransomware attack on a hospital in Germany, which killed a person, and also after the attack on the Colonial Pipeline, which attracted the attention of US authorities. At the same time, individual groups, of course, can violate these unspoken prohibitions,” Mr. Volkov concluded.
Read more »
smartwatch
Bluetooth Cyber Crime Darknet Data Theft ESET Personal Data Russia Smart Devices smartwatch

ESET: Criminals will be Able to Steal Personal Data Using Smartwatches

 

ESET analysts reported that cybercriminals can use smartwatches to steal personal data and warned Russians about the main dangers associated with this gadget. 

"According to our estimates, the market for smartwatches and fitness trackers will grow by 12.5 percent annually and will exceed $118 billion by 2028. Such indicators cannot but attract scammers. Therefore, it is worth understanding in advance the security and privacy risks associated with this," the ESET study says. 

The threat of data interception is due to the fact that many smartwatches and fitness trackers are synchronized with the owners' smartphones, including some applications such as e-mail or messengers. Thus, attackers can hijack both devices, which threatens, in particular, the loss of passwords. ESET further warns that the stolen personal data can then be sold on the darknet. 

Another serious risk for a cybercriminal's victim is tracking the GeoPosition of the device. Such data allows hackers to draw up a detailed diagram of the user's movements in order to attack his home or car. "The safety of children's smartwatches, which can be monitored by outsiders, is even more worrying," ESET states. Speaking about the specific vulnerabilities of smart fitness trackers, cyber specialists pay attention to Bluetooth technology, in which "numerous vulnerabilities have been discovered over the years," weak software of gadgets and paired smartphone applications that may contain coding errors. 

According to ESET analysts, risks can be reduced via the use of two-factor authentication, the use of a strong password to lock the screen, as well as a ban on external connections to smartwatches will also prevent threat. 


Data can be leaked both via the Internet and via Bluetooth a critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gaining full control over the device's system, as well as carrying out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data.
Read more »
Ukraine
Bitcoin Crypto Currency Darknet Technology Tether Ukraine

Eastern Europe is a Hotspot for Illegal Cryptocurrency Trading

 

According to a new study, Eastern Europe is a hub for illicit cryptocurrency operations. According to Chainalysis data published on Wednesday, Eastern European cryptocurrency addresses contributed $815 million to investment ponzi scams that attract customers with false promises of large returns between June 2020 and July 2021. Ukraine, in particular, provided a large amount of traffic to fraud websites in the region, outnumbering the United States by about 20 million visits.

Eastern Europe is the region that sends the most cryptocurrency to darknet markets. This is attributable in great part to activities at Hydra Market. Hydra is the largest darknet market in the world, although it mainly serves Russian-speaking users in Eastern Europe. 

Finiko, a scam, received half of the money sent to the region. Finiko was a Ponzi scheme established in Russia that collapsed in July 2021, shortly after participants reported being unable to withdraw payments from their accounts. Finiko encouraged customers to invest with Bitcoin or Tether, promising monthly profits of up to 30%, and then established its own cryptocurrency that was sold on various platforms. 

Finiko was led by Kirill Doronin, a popular Instagram influencer who has been linked to numerous Ponzi scams, according to the Moscow Times. Finiko received approximately $1.5 billion in Bitcoin in over 800,000 distinct donations between December 2019 and August 2021.

While Eastern Europe is primarily thought of as a recipient of illicit cryptocurrency funds, the research points out that due to the region's economic instability, it is also home to an increasing number of victims. Scam payments outperformed all kinds of crime in Eastern Europe, as well as every other region analyzed by Chainalysis, despite the constant rise in ransomware assaults. 

Eastern Europe came in second place in terms of ransomware funds received, at $46 million. However, due to overlap in services, some of the $51 million in activity attributed to Western Europe could be credited to Eastern Europe, according to researchers. 

Cryptocurrency scams have also grown in popularity in the United States, which came in third in terms of scam payments after Eastern and Western Europe. Despite this, the firm discovered that fraudsters have amassed tens of millions of dollars in cryptocurrency ransomware payments.
Read more »
Database Leaked
Dark Web Darknet Data Breach Database Leaked

The average price of access to a hacked company in the darknet reached $5,400

Specialists of the Israeli company Kela analyzed more than 1 thousand ads for the sale of initial access to the internal computer networks of hacked organizations published on the darknet from July 2020 to June 2021. The average lot price is about $5.4 thousand.

Kela noted that pricing depends on the revenue of the hacked company: this indicator also determines the nominal value of the ransom that hackers can request. Therefore, access to small firms costs $100-200, and the most expensive lots are thousands of times more.

The highest price tag that the experts met was equal to 12 bitcoins (about $540 thousand at the exchange rate on August 18). That's how much the brokers asked for access to an unnamed Australian company with an annual income of $500 million. The second most expensive access cost 5 bitcoins (about $225 thousand). For this amount, an account was sold in the ConnectWise Control remote desktop access system from the network of one of the American IT companies. Another lot from the top three most expensive accesses was a lot for $100,000, which promised access to the network of some Mexican government agency.

Kela's specialists have compiled a rating of countries, access to companies from which are most often sold on the darknet. The United States led the top by a large margin: 27.9% of ads concern American organizations. France is on the second line with an indicator of 6.1%. Next are the United Kingdom and Australia with shares of 4% each. Canada closed the top five with a result of 3.8%. Then there are Italy (3.5%), Brazil (3.2%), Spain and Germany (2.3% each), the United Arab Emirates (2%).

The researchers noted that Russia and the CIS countries could not enter the top 10, since working with local companies on Russian-language hacker forums is not customary.


Read more »
Technology
Bitcoin Crypto Currency Darknet Digital Money Money Laundering Technology

Cyber Criminals Using a New Darknet Tool to Escape Detection

 

There has been an ongoing war between criminals and authorities in cyberspace for years. Although cryptocurrencies are anonymous in nature, new techniques for tracking funds around the cryptocurrency blockchain have led to the arrest of dozens of cyber-criminals in the previous two years. 

But recently a new website has surfaced on the darknet that allows criminals to assess how "clean" their digital currencies are. 

Dr. Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website explained, "We're seeing criminals start to fight back against blockchain analytics and this service is a first." 

"It's called Antinalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities." 

According to Elliptic, the finding demonstrates how complex cybercrime networks are becoming and how concerned criminals are about being detected. 

"It's a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with a criminal activity until you have clean coins," he said. 

According to Dr. Robinson, this new trend is concerning that could make their work and law enforcement difficult. However, as per the researchers who examined it, the service isn't functioning very well right now. 

"It actually wasn't very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future." 

Authorities all across the world, including China, the United Arab Emirates, and the United Kingdom, are attempting to address the rising problem of money laundering using cryptocurrencies. Cryptocurrency monitoring has resulted in several high-profile arrests, such as US teenager Graham Ivan Clark, who is presently in prison for plotting one of the largest-ever social media hacks. 

Last year, on July 15, Clark hacked into the accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates, and Joe Biden, on Twitter.

"Everyone is asking me to give back," Mr. Gates stated in a tweet purportedly sent from his account. "You send $1,000, and I send you $2,000 back." After that, Clark and his hacking team tweeted an ad for a cryptocurrency fraud, which resulted in hundreds of transfers from people wanting to profit from the fraudulent giveaway. 

Clark gained more than $100,000 (£72,000) in only a few hours and began the process of transferring the money around to cover his tracks. He is now 18 years old, pleaded guilty, and is currently serving a three-year sentence in a Florida jail. 

The growing usage of so-called privacy coins is another trend that authorities are concerned about. Cryptocurrencies like Monero, for example, provide more secrecy than popular coins like Bitcoin. 

Hackers are now urging victims to pay with these currencies in return for a discount in some extortion incidents. This is a trend that is yet to completely take off, and Kim Grauer, director of research at bitcoin monitoring firm Chainalysis, believes that this technique offers disadvantages for criminals. 

"Privacy coins haven't been adopted to the extent that one may expect. The primary reason is they aren't as liquid as Bitcoin and other cryptocurrencies. Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins."
Read more »
Vulnerabilities and Exploits
Darknet Flashpoint Jokers Stash Kela Vulnerabilities and Exploits

Darknet Markets are Scrambling to Attract Joker’s Stash Clients

 

The administrator behind Joker's Stash professes to have formally closed down the operation on 15th February. Meanwhile, criminal gangs offering stolen payment cards for sale have stepped up their promotional efforts. Among the darknet marketplaces vying to get previous Joker's Stash clients are Brian's Club, Vclub, Yale Lodge, and UniCC, Kela says. Joker's Stash clients were likely already searching for a new marketplace, says the threat research firm Digital Shadows, because of the site's declining customer service and having its service hindered by law enforcement officials in December 2020. 

Brian's Club has gone the additional mile with its marketing efforts, Kela says. For instance, it has supplanted Joker's Stash as the official sponsor of the popular underground forum Omerta, which focuses on payment card trading. "With the heavy marketing and advertising that Brian's Club has been investing in, it seems that the long-time attempts of marketing to credit card traders may be finally paying off now that Joker's Stash is out of the picture," says Victoria Kivilevich, a threat intelligence analyst with Kela.

Kela and Flashpoint additionally say that Yale Lodge could arise as a dominant market for stolen card information since it operates both Tor and clear web card shop and has a self-facilitated checking service. This service permits the buyer to verify whether the card data being purchased is substantial. Kivilevich brings up, however, that Yale Lodge charges a $150 registration fee and a minimum deposit of $200, which is 10 times higher than what Joker's Stash required.

Flashpoint says the operators of the Ferum market likewise have a wealth of experience and give simple access, yet the site has less card information available for sale than others. Then, Trump's Dumps, which is a newer operation, has expanded its publicizing, Flashpoint reports. It offers an assortment of services, including a self-facilitated checking service. Kivilevich says she has spotted Vclub members attempting to enlist Joker's Stash clients on darknet forums. Be that as it may, Kela's research has discovered numerous complaints about the quality of cards accessible on Vclub. 

“Cybercriminals buy cards and dump not only in specialized shops but also on forums, via instant messaging channels, and behind closed doors in private deals," Kivilevich says.
Read more »
Hackney Council
Darknet Data Breach data security Data Stolen Hackney Council

Cyber Criminals Leak Hackney Council Files on the Darknet Website

 

Cybercriminal group recognized as Pysa/Mespinoza has leaked the sensitive information stolen from the Hackney Council on the Darknet website. The group of attackers claimed that the stolen documents are from Hackney Council in a ransomware attack last year. The council in East London stated that they are collaborating with the Ministry of Housing and the UK’s National Cyber Security Centre (NCSC) to scrutinize and perceive the impact of the incident.

The stolen data published on the ‘dark web contains the personal information of council staff and residents; the files include critical information regarding the PhotoID, staff data, passports dump’. Cybercriminal group is utilizing the stolen data as their leverage to extort payment from the Hackney Council.

Cybersecurity expert, Brett Callow stated that “It’s an increasingly common place for ransomware groups to steal data and use the threat of its release as additional leverage to extort payment. Organizations in this position are without good option. Whether they pay or not, they’ve had a data breach and the criminals have their information. The most they can hope for is a pinky-promise that it will be destroyed”.

In this regard, the National Cyber Security Centre (NCSC) guidelines announced that there is no assurance that organizations, companies, or councils will get access to their stolen data even if the ransom demand from extorters is fulfilled. Hence law enforcement ‘does not encourage, endorse, nor condone the payment of ransom demands’.

Hackney council spokesperson asserted that in their initial investigation there are no indications that the majority of the critical and personal information of our residents have been published or affected. There are also not any signs of this critical information visible via search engines on the Internet.

He further asserted that necessary precautionary measures have been taken and they are closely monitoring the whole incident. They have collaborated with the local authorities including the Information Commissioner’s Office, Metropolitan Police, and National Crime Agency to investigate the whole incident.
Read more »
Spam
Dark Web Darknet Phishing and Spam Russian Hackers Spam

Russian hackers selling program in darknet that bypasses spam protection

The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol

A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.

To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.

The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.

Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.

Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.

"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.

In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.

The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.

Read more »
Virtual Currency
Cybersecurity Dark Web Darknet Darkweb hackers FBI Virtual Currency

179 Dark Net Vendors Arrested in a Massive International Sting; 500 kg Drugs Seized


Global police agencies have confiscated over $6.5m both in cash and virtual currencies, 64 firearms, and 1,100 pounds of drugs - arresting 179 vendors across 6 countries including the U.S and Europe in one of the biggest raid on dark web marketplaces. The international sting operation saw considerable co-operation from Law enforcement agencies all over the world including the US, UK, Germany, Europe, Canada, Europe, Sweden, Austria, and the Netherlands.

The 500kg of drugs recovered by investigators during the operation included fentanyl, methamphetamine, oxycodone, ecstasy, cocaine, hydrocodone, MDMA, and several other medicines containing addictive substances, as per the findings.

The authorities dubbed the global sting operation as 'DisrupTor' and while announcing it, they claimed in a press release that the "golden age of the dark web marketplace is over." The roots of the operation go back to May 3, 2019; the day German authorities seized the dark web drug market, "Wallstreet market" and arrested its operators.

"Operations such as these highlight the capability of law enforcement to counter encryption and anonymity of dark web market places. Police no longer only take down such illegal marketplaces – they also chase down the criminals buying and selling illegal goods through such sites." The press release further read.

According to the Justice Department, it was the largest international law enforcement operation that targeted opioid traffickers on the dark web. The investigation witnessed an extensive range of investigators ranging from the FBI, ICE, DEA, Customs and Border Protection (CBP), to the Defense Department.

Commenting on the success of the operation, the head of Europol’s European Cybercrime Centre (EC3), Edvardas Å ileris said, “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

“With the spike in opioid-related overdose deaths during the Covid-19 pandemic, we recognize that today’s announcement is important and timely,” said Christopher Wray, FBI director. “The FBI wants to assure the American public, and the world, that we are committed to identifying dark net drug dealers and bringing them to justice.” He further added.
Read more »
Russian Cyber Security
Bank Cyber Security Dark Web Darknet Data Breach Russian Cyber Security

The data of clients of the Russian bank Alfa-Bank leaked to the Network


On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured that he is ready to upload 5 thousand lines of information per week.

One of the Russian Newspapers had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, mobile phone number of the citizen, as well as the account balance and document renewal date.

A newspaper managed to reach up to six clients using these numbers. Two of them confirmed that they have an account with Alfa-Bank and confirmed the relevance of the balance.

Alfa-Bank confirmed that they know about the data leak of several dozen clients.
The seller of Alfa-Bank's database said that he also has confidential information of clients of other credit organizations.

"I can sell a database of VTB clients with a balance of 500 thousand rubles or more with an update from July 17 for 100 rubles per entry," claimed the seller. However, the Russian newspaper was not able to get test fragments of these databases.

The newspaper also contacted two other sellers who offered information about users of Gazprombank, VTB, Pochta Bank, Promsvyazbank, and Home Credit Bank.
Information about the account balance is classified as a Bank secret. Knowing such confidential details makes it easier for attackers to steal money using social engineering techniques.

"There are two ways to get bases on the black market. One of them is the leak of data by an insider from a Bank or company. The second option is through remote banking vulnerabilities," said Ashot Hovhannisyan, founder of the DLBI leak intelligence service.
According to him, the reason for the ongoing leaks is inefficient investments in security. Companies often protect their systems from hacking from outside, but not from insiders.

Read more »
WhatsApp
CyberCrime Dark Web Darknet Telegram WhatsApp

IM Platforms Increasingly Used by Threat Actors in Place of Dark Web Marketplaces


Researchers at IntSight have discovered that IM platforms such as WhatsApp, Telegram, Discord, IRC, and Jabber are being used by cybercriminals for advertising and putting their goods and services on sale. One of the major reason as to why cybercriminals are switching to these IM platforms from the conventional ones is 'law enforcement practices'; law enforcement operations have been targeting online darknet markets one after another. Earlier in 2017, the world's largest dark web market, AlphaBay was taken offline, sending darknet users into chaos. Immediately after, the cyberspace witnesses the shut down of Hansa, another major darknet market. As more and more major dark web markets went offline due to the law enforcement penetrations, cybercriminals are wisely migrating to new platforms.

Although threat actors are loving IM platforms, the regular cybercrime sources such as dark web markets, credit card shops, and forums are still witnessing their web usual traffic. These platforms have more advantages such as chatbots, fewer rules, and automated replies due to their core nature, unlike IM platforms that are majorly meant for communication.

While giving insights, Etay Maor, IntSights CSO, said, "Telegram appears to be experiencing the most growth, with more than 56,800 Telegram invite links shared across cybercrime forums and over 223,000 general mentions of the application across forums. Telegram is also the platform most often discussed in foreign language forums."

"Financial threat actors and fraudsters exchange stolen carding information, selling or trading all kinds of credit card dumps, and publishing methods or techniques relevant for the fraud community. In addition, there is also a trade of physical items stolen or counterfeited from organizations in the retail industry.” He added.

“While the data itself is fully encrypted and law enforcement needs sophisticated algorithms in order to decrypt it, some countries have authorized law enforcement agencies to access the private information of their citizens if sanctioned by courts or other judicial authorities – including information that lives in IM platforms. Threat actors are worried about the cooperation between technology companies and law enforcement agencies, especially in the United States.” Maor further explained.
Read more »
Subscribe to: Posts (Atom)