The dark web is a collection of websites reachable only through a specialized web browser. It is mainly used to keep internet activity private and anonymous.
The dark web serves both legal and illegal purposes. While some users rely on it to get around government censorship, it is also well known for being used for high-level illegal activities.
Analysts researched three dominant dark web marketplaces, “Empire Market”, “The Canadian HeadQuarters” and “White House Market”, arranging all data listings into six categories: payment cards, personal data, financial accounts and credentials, fraud guides, non-financial accounts and credentials, and fraud templates and tools.
Dark web forums act as big-box retailers
Cybercriminals have completely changed how these dark web forums operate over time to imitate the fast growth of big retailers like eBay and Amazon, complete with search capabilities, seller ratings, and e-commerce features.
These marketplaces are particularly likely to pose a higher risk to corporations because of their unique combination of cheap financial and personal information and simple “how-to” material that lets cybercriminals conduct attacks easily.
According to the findings, fraud guides – listings offering to sell processes and guides – were the most sold data type (49%), followed by personal data (15.6%), non-financial accounts and credentials (12.2%), credentials and financial accounts (8.2%), fraud templates and tools (8%) and lastly payment cards (7%).
Fraud guides' adverse consequences mostly overlooked
The danger to businesses is aggravated by the fact that cybercriminals get good value for their money. The average price of a single fraud guide is a mere $3.88, while a couple of guides sold under a single listing cost $12.99.
Organizations frequently overlook the adverse effects of fraud guides, which leads to higher digital risk for the business, such as credential harvesting, phishing, account takeover, business email compromise, and fraud.
The content of fraud guides allows even the most novice cybercriminals to cause losses to organizations and individuals alike, turning commodity data into financial crime.
Major trends of Dark Web Intelligence
Even though the dark web has been stereotyped as an underground criminal space, there are valid security reasons that warrant effective analysis and monitoring. Over the last 12 months, ZeroFox has observed the strategies and methods threat actors have adopted in the remote work environment created by the COVID-19 pandemic.
Boost in Double Extortion Ransomware
In 2020, criminal ransomware groups increasingly embraced new techniques to put extra pressure on their targets. Throughout the year, a large number of groups switched to a double extortion model, encrypting data for ransom and then also threatening to publish it online. Since the second half of 2019, ZeroFox has observed the creation of, and tracked updates to, more than two dozen Tor-hosted leak sites set up by ransomware groups to dump the data of non-compliant victims.
Maze, REvil, DoppelPaymer, and Netwalker led the way in 2020, standing up their sites earlier in the year. Later groups such as Conti, which launched in August, and Egregor, which launched in September and supposedly hired operators from Maze (which formally shut down in November), quickly became leading players in this space as well.
Apart from data exposure, some gangs tested other techniques alongside their successful deployment of ransomware: for instance, Distributed Denial of Service (DDoS) attacks, humiliating victims via social media advertisements, soliciting victims who refuse to pay, and messaging the customers, not only the corporate representatives, of targeted companies with fraud threats.
The worth of personal data
The second most common data type on these marketplaces is personal data, which exposes organizations to business email compromise, phishing attacks, and account takeovers, and allows criminals to target individuals more precisely and impersonate their victims.
The approximate price of a single personal record was $8.45, compared with a low of just $1.00 for a personal record.
Forum Brokers of Data and Access
The rise in double extortion ransomware activity reflects a wider trend of increasing professionalization of the cybercriminal underground over the last few years. Threat actors work to build their reputations as trustworthy brokers of data and access across different forums.
Some sellers strictly follow established forum rules for presenting their products, while others release complete or partial leaks of sensitive information free of charge to gain attention and build a brand. Collectors and buyers then use these offerings for plenty of follow-on targeting, such as credential stuffing and account takeover, ransomware and malware delivery, and other social engineering. ZeroFox closely monitors the established operators and rising stars of this activity as part of its dark web monitoring efforts.
The flexibility of Illegitimate Marketplaces
The COVID-19 pandemic and coordinated law enforcement actions created new threats for illicit marketplaces. ZeroFox identified a few Tor-based marketplaces that supposedly stole their users’ funds and shut down in 2020, the most famous being Empire Market, along with Apollon Market and Icarus Market. Authorities announced the outcome of DisrupTor, which targeted dark web opioid smuggling, in September 2020; it led to the arrests of 179 vendors. In January 2021, a global police operation took control of DarkMarket, at the time the biggest marketplace on the dark web, and took its administrator into custody. This disruptive action prompted calls for “proof-of-life” posts, requiring other market administrators to prove they were still in business.
The dark web is mainly used by criminals who buy data and exploit organizations’ important information against them.
It is very important for organizations to stay vigilant and to detect and recognize stolen data early – while it is still at a very initial stage – in order to limit the loss and prevent the data from ever being used effectively as a tool for costly cybercrime.