Tag Archive for: Darknet

Ransomware and Darknet Markets Top List For Most Prominent Crypto Crimes


Rachel Wolfson

A new report from blockchain analysis firm Chainalysis found that crypto-related crimes decreased in 2023. While notable, the findings also show that ransomware and darknet market activity involving cryptocurrency increased considerably.

Eric Jardine, cybercrime research lead for Chainalysis, told Cryptonews that both ransomware wallets and darknet market wallets saw more inflows during 2023 than 2022 measured in terms of dollars. Jardine further explained that these two categories of illicit activity involve different underlying patterns of behavior. He said:

“In the case of ransomware, for example, increased inflows mean that individuals, companies, critical infrastructure providers, and governments are paying more or larger ransoms after being the victim of a cyberattack by a malicious actor in 2023 than they did in 2022. In the case of darknet markets, inflows often represent various forms of illegal activity, most notably the purchase of illicit drugs such as fentanyl, heroin, or cocaine.”

Why ransomware and darknet market activities are increasing


Unfortunately, Jardine believes that 2023 marked the recovery of the illicit darknet ecosystem. He mentioned that the closure of Hydra Marketplace in 2022 – one of the largest darknet marketplaces – reduced the aggregate inflows to darknet markets that year. However, this also resulted in an influx in darknet market activity during 2023.

Source: Chainalysis

A

Source…

Going into the Darknet: How Cynet Lighthouse Services Keep Cybersecurity Teams One Step Ahead of Hackers


By monitoring the darknet, as well as underground forums, Cynet is able to identify and prepare for the latest cybersecurity threats before they reach deafening levels.

By Eyal Gruner, Co-Founder and CEO of Cynet

Data breaches are far from new, but the scale of attacks and the sophistication of the attackers have reached all-new levels in recent years. Since the pandemic, with the rise in remote work environments and work-from-home setups, compromised credentials became the most common initial access vector for data breaches in 2022, according to IBM, leading to rampant cybersecurity attacks. Because of the anonymity it offers, the darknet is fertile ground for bad actors looking to buy, sell, and trade large datasets of credentials that can be used to access compromised accounts and systems left unchecked.

The alarming rise in compromised credentials led Cynet to launch its Lighthouse Service which monitors underground forums, private groups, and malicious servers for evidence of compromised credentials within the environment – taking its MDR team (CyOps) into the darknet and underground forums to search for potential cybersecurity threats before they become full-on attacks. Unlike traditional darknet monitoring services, Cynet focuses primarily on credential theft monitoring because of the swift rise in leaked credentials.

A Primer on the Darknet and Underground Forums  

Unlike the internet we all use to work, shop, and connect online, users must download a special Tor browser or browser add-ons to navigate the darknet. Because there is no link between a user and the user’s IP, the darknet requires specific access (software, configurations, authorization) – thus making it a prime location for illegal activity. Industry analysts estimate that the darknet accounts for 4% to 6% of internet content, with as many as three million users per day.

But the darknet is not the only gathering spot for cybercriminals. The internet we use on a daily basis (Clearnet) also houses underground forums that fuel and empower threat actors. The now seized “RaidForums” and its predecessor, “Breached,” are two popular sites that can be accessed via common web browsers. While the two are…

Source…

Hackers offer Novartis stolen data on darknet market place


Swiss pharmaceutical giant Novartis has been targeted by hackers, according to media reports. The Basel-based company says no sensitive data has been stolen.

This content was published on June 5, 2022 – 13:35

swissinfo.ch/ds

Novartis confirmed to Swiss media on Sunday that it had been the victim of a hacking attack, first reported by the specialised IT website Bleeping Computer.

The company told Keystone-SDA news agency the case had been thoroughly investigated and that theft of sensitive data could be ruled out.

“We take data protection and data security very seriously and have taken industry-standard measures in response to this type of threat to ensure data security,” Novartis added.

According to the website Bleeping Computer, the hacker group Industrial Spy offered to sell stolen Novartis data on the darknet for $500,000, payable in Bitcoins.

The hacker group claims it stole the data directly from the laboratories of a Novartis factory. The information relates to RNA and DNA-based drug technology and tests.

Switzerland ranks third among the most targeted European countries, behind Germany and the UK, for advanced and targeted cyber-attacks (APT), according to insurance company Swiss Risk & Care.

In compliance with the JTI standards

Source…

DarkOwl Ransomware API offers insight into content from ransomware websites hosted on the darknet


DarkOwl released Ransomware API, the latest in its suite of darknet products. By enabling users to monitor darknet ransomware sites for their strategic assets, including first- and third-party vendors, organizations have the most accurate information available as to whether an entity has been extorted or compromised in a ransomware attack.

Ransomware API accesses the same database of darknet content as DarkOwl’s other data products, but targets results to content that was posted on ransomware group websites. These sites include those where actors post about their victims, and frequently leak compromised data that resulted from their attacks. Using this data, a company could expose potential risk for their own organization, assess supply chain vendor risk, or calculate risk to support cybersecurity insurance underwriting processes.

“As ransomware actors become ever more prevalent and advanced in the darknet, companies need tools that allow them to monitor and stay ahead of any cyberattacks. We hope that our deep coverage of this space can help illuminate a criminal economy that is constantly shifting and evolving,” said Mark Turnage, President and CEO of DarkOwl.

DarkOwl’s newest product was developed as a direct result of market demand, and is the first in the industry to offer streamlined, targeted insight into ransomware-hosted content on the darknet. As stated by DarkOwl’s Director of Product Technology, Sarah Prime, “We’re excited to release this new endpoint as a response to what we were hearing from our customers. Our insight into this area of darknet is unique, particularly our historical archive. Through this API product, organization mentions on these sites can now serve as a critical risk indicator.”

Source…