Dark web listings for malware aimed at companies on rise


There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.

A study by cybersecurity company Bromium and criminologists at the University of Surrey involved researchers studying underground forums and interacting with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.

In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.

"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.

"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."

McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.

The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.

Malware and distributed denial of service (DDoS) form almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common services targeting enterprises that were for sale include espionage tools, such as remote-access Trojans and keyloggers.

Your Profile Up For Sale Somewhere On The Dreadful Dark Web For Rs. 140/day?





After hacking feats, cyber cons have stooped to selling hacked profiles on the dreadful dark web for a minimal cost of Rs. 140/day.


What’s even more unsettling is the fact that organizations, market researchers and people looking for business related data could also be behind this profile marketing.

The corner of the “dreadful dark web” where these profiles are available is not accessible via regular browsers.

It is reached by way of tools like “Tor”, open source software that aids anonymous communication and gives access to a whole new world of stolen passwords, data and profiles.

According to researchers, other than cyber attackers, the people tracking consumer behavior are after free access to video streaming sites that have already been paid for by the victim.

It’s super disconcerting the way rival companies are buying profiles to get "Intel" on their competitors' consumer base and sensitive data, and even to track key executives.

These hacking goons are working in groups where one sells encrypted data and the other quite conveniently decrypts all for dear money.

Then there’s a third group which stores a list of the decrypted passwords into a central server which provides data sets from these breaches.

WARNING! If you use a single password, or passwords that are only a teensy bit different, across multiple login sites and websites, you are in serious trouble.

Reportedly, the hackers have collected over 8000 databases from small websites alone. What they may have taken from major sites is left to the imagination.

On the dark sites, the data is being sold in packages ranging from a minimal Rs.140 ($2) to a staggering Rs.4900 ($70).

Payment in cryptocurrencies like Bitcoin, Litecoin, Dash, Ripple, Zcash and Ethereum is available for the users’ convenience.

If several passwords are bought from the website a profile could be fabricated within minutes, because quite foolishly users have the same passwords for multiple sites.

This makes the user’s behaviour extremely predictable and it becomes easy for the buyers to track the victim’s activities all over the internet.

The people who spend more time on the internet are more susceptible to such hazards because they are easier to track.

A normal user’s passwords are available for as little as a rupee, but the passwords of hot shot public figures like politicians or actors cost Rs.500 to Rs.2500 per password.

QUICK TIP!
· Try not to use common, mainstream passwords that are easily hackable and guessable.

· Especially after a company experiences a breach or a hacking feat, it should make its security stronger.

· The systems should be made more accountable than ever.

No company has faced any adversities as of yet due to this profile marketing freak-show.






Darknet: The digital underground



The arrest of two Delhi youths for the import and sale of illegal marijuana through the darknet in December last year sparked widespread discussion on the rising prominence of the darknet in India. With dark net being the new market for drug peddlers and illegal traders, it is slowly becoming one of the most challenging problems to be tackled in this cyber age.

What is the darknet?

The world wide web can be divided into three categories: the surface web, the deep web and the dark web. While pages on the surface web (visible web) are indexed and can be easily accessed by the public, pages on the deep web are not indexed and hence cannot be readily accessed. The content of the deep web is hidden behind HTTP forms and includes many common uses such as webmail, online banking, and services that users must pay for and which are protected by a paywall, such as video on demand, some online magazines and newspapers, and many more. Content of the deep web can be located and accessed by a direct URL or IP address and may require a password or other security access past the public website page. The dark web is that part of the internet which can be accessed only through ‘overlay networks’ and needs special browsers like TOR to access. Browsers like TOR ensure anonymity to the host as well as the user, by protecting the IP address with its ‘overlay network’ structure.

Illicit drugs, weapons and online fraud : the endless dangers of darknet

The promise of anonymity the darknet offers has led to an alarming increase in its use in the last 4 years. A 2015 study showed that drugs are the most traded commodity on the dark web and 26 per cent of its content can be classified as ‘child exploitation’. A December 2014 study by Gareth Owen from the University of Portsmouth found that the most commonly hosted type of content on Tor was child pornography, followed by black markets. Stolen credit card details, forged documents, counterfeit currency and weapons are the other types of content. Reports of crowdfunded assassinations, hitmen and live streamed murders are believed to be available on the darknet.

How does it work?

Cryptocurrencies such as bitcoin are used for transactions on the darknet. Purchases on the darknet come with reviews and ratings just like on Amazon and Flipkart and are delivered to the customer’s doorstep just like any other order. Escrow services ensure that payment is released to the seller only after the customer receives the package. Often disguised, these illegal products mostly make their way through customs to the customers' doorstep.

Cracking the whip :

Though highly evasive, browsers like Tor aren’t completely untraceable. In early November, a coordinated action by the FBI and Europol known as Operation Onymous seized dozens of Tor hidden services, including three of the six most popular drug markets on the Dark Web. For now, just how the feds located those sites remains a mystery.

“The Interpol, Europol and the FBI are the ones striving hard to keep the darknet dangers in check,” says J. Prasanna, Director of Cyber Security and Privacy Foundation, Singapore.

“The first step towards net safety comes down to parental supervision,” says J. Prasanna, who provides dark web monitoring for banks.

“The Indian government should ensure stringent punishment for the offenders using darknet for illegal trade and activities. The police department too should be technologically advanced to handle such crimes,” says V. Rajendran, Chairman, Digital Security Association of India.


The bright side :

It would be safe to say not everything is dark about the darknet. The privacy it provides is a major attraction to many who are looking to escape the watchful eyes of service providers and federal agencies. Anonymous messenger services and access to tonnes of resources (data, books, documents) argue for the use of the darknet for good.

Author:
Yamuna Chandran

World’s largest dark web marketplace shut down by authorities








In a joint operation between European and U.S. authorities, servers of the major dark web marketplaces Wall Street Market and Valhalla have been seized in Germany and Finland, and their operators have been arrested in Germany, the U.S. and Brazil.

Both platforms were highly popular for peddling unlawful goods with over 1 150 000 and 5 400 vendors. Wall Street Market was the second largest dark web marketplace that could be accessed via the Tor network.

The German authorities have arrested three suspects and have “seized over €550 000 in cash, alongside cryptocurrencies Bitcoin and Monero in 6-digit amounts, several vehicles and other evidence, such as computers and data storage.” 

“These two investigations show the importance of law enforcement cooperation at an international level and demonstrate that illegal activity on the dark web is not as anonymous as criminals may think,” said Europol’s Executive Director, Catherine De Bolle.

“Europol has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy.”


On the dark web, vendors could sell almost anything, from drugs to malware. Forged documents and cryptocurrencies can also be found there.

Hacker uploads about 1 billion user data in 2 months

A serial hacker who goes by the name of Gnosticplayers released another 65.5 million user records last week, taking his grand total to 932 million records overall, with the consequences of the data pool as yet unknown. Since mid-February, Gnosticplayers has been putting batches of hacked data on Dream Market, which is a dark web marketplace for selling illegal products like hacking tools, guns and drugs.

"The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations," the ZDNet reported late on Monday. The names of big companies that were hit included UnderArmor, 500px, ShareThis, MyHeritage and GfyCat. The releases have been grouped in four rounds -- Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).

"Last week, the hacker notified ZDNet about his latest release -- Round 5 -- containing the data of 65.5 million users, which the hacker claims to have been taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked," the report added.

Earlier in March, the serial hacker stole and posted personal data of close to 843 million users of various popular websites. The companies impacted include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak and Youthmanual.

Bitcoin hacker steals money and passwords from Dark Web users, jailed

Blockchain- and cryptocurrency-related crimes are rarely heard about. But this week, a 37-year-old man in the US has been sentenced to one year and one day in prison for fraud in connection with a Bitcoin phishing scheme designed to rob victims of their cryptocurrency.

Michael Richo was allegedly running an elaborate bitcoin phishing scheme, all with the purpose of stealing confidential information from unaware victims, including various sums of cryptocurrency which they held.

Richo, of New Haven, was also ordered to forfeit $352,000 in cash, various computers and electronic devices, such as digital and hardware-based wallets, which contained a vast array of different precious metals and virtual coins that he purchased with the proceeds of his offense.

During the trial, evidence such as court documents and supplementary statements showed just where Richo was going in order to target individuals for his phishing attacks: the dark web.

Per court documents associated with Richo’s case, he will be subject to three years of supervised release once he’s out of prison. His operation involved targeting individuals on the dark web using marketplaces.

He did so by posting fake links to online marketplaces on dark web forums. Once users clicked on them, these links would then direct users to fake login pages that resembled the real login pages for various dark web marketplaces. Once the victim entered his credentials, the hacker would steal them. He would then monitor the individual’s Bitcoin balance at the real marketplace and would withdraw the coins once the person deposited the funds. He would then either deposit the funds directly to his bitcoin wallet, or sell them on cryptocurrency exchanges for US dollars. The US dollars obtained as a result were deposited into bank accounts under his control or provided to him through Green Dot Cards, Western Union transfers, and MoneyGram transfers.

Hacker Puts Up For Sale the Data of Six Companies, Totalling 26.42 Million User Records



Gnosticplayers, a hacker best known for putting up for sale more than 840 million user records in the previous month, has returned with a fourth round of hacked data that he's selling on a dark web marketplace.

Since February 11, the hacker has put up for sale data from 32 companies in three rounds on Dream Market, a dark web marketplace. This time, Gnosticplayers is offering the data of six companies, totalling 26.42 million user records, for which he's asking 1.2431 bitcoin, which is approximately $4,940.

The difference between this Round 4 and the past three rounds is that five of the six databases Gnosticplayers put up for sale were obtained in hacks that occurred a month ago, i.e. in February 2019. It is also worth noting that a large number of the companies whose data Gnosticplayers sold in the past three rounds have already confirmed breaches.

The six new companies targeted this time are game dev platform GameSalad, Brazilian book store Estante Virtual, online task manager and scheduling applications Coubic and LifeBear, Indonesian e-commerce giant Bukalapak, and Indonesian student career site YouthManual.


"I got upset because I feel no one is learning,” the hacker said in an online chat "I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry."

He says that he put the data up for sale mainly because these companies had failed to protect their passwords with strong encryption algorithms like bcrypt.

Only last month, the hacker said that he wanted to hack and put up for sale more than one billion records and then retire and vanish with the cash. But in a recent conversation, he said this is no longer his objective, as he discovered that various other hackers had already accomplished the same objective before him.

Gnosticplayers also revealed that not all of the data he obtained from hacked companies had been put on sale. A few companies gave in to extortion demands and paid fees so that the breaches would stay private.





New attack lets hackers run bad code despite users leaving web page

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.

This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious file hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said.
The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the Puppetnets research paper 12 years ago, in 2007.

The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code.
This is possible because modern web browsers now support a new API called Service Workers. This mechanism allows a website to isolate operations that render a page's user interface from operations that handle intense computational tasks, so that the web page UI doesn't freeze when processing large quantities of data.

Technically, Service Workers are an update to an older API called Web Workers. However, unlike web workers, a service worker, once registered and activated, can live and run in the page's background, without requiring the user to continue browsing through the site that loaded the service worker.

MarioNet (a clever spelling of "marionette") takes advantage of the powers provided by service workers in modern browsers.

The attack routine consists of registering a service worker when the user lands on an attacker-controlled website and then abusing the Service Worker SyncManager interface to keep the service worker alive after the user navigates away.

The attack is silent and doesn't require any type of user interaction because browsers don't alert users or ask for permission before registering a service worker. Everything happens under the browser's hood as the user waits for the website to load, and users have no clue that websites have registered service workers as there's no visible indicator in any web browser.
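Because browsers show no indicator for a registered service worker, one defensive check a site owner can run on their own origin is to enumerate the registrations and compare them with what the site is supposed to ship. The following is an added example, not code from the MarioNet research or from this page; the allowlist `POLICY`, the `app.example.test` URLs and the sample registrations are assumptions constructed for illustration.

```javascript
// Added example: audit the service workers registered on one origin.
// POLICY is a hypothetical allowlist; SAMPLE_CONTAINER is constructed data.
const POLICY = {
  scripts: new Set(['https://app.example.test/sw.js']),
  syncTags: new Set(['outbox']),
};

// Pure check on a plain snapshot of one registration.
function assessRegistration(snap, policy = POLICY) {
  const findings = [];
  if (!snap.scriptURL) {
    findings.push('registration has no installing, waiting or active worker');
  } else if (!policy.scripts.has(snap.scriptURL)) {
    findings.push(`unexpected worker script: ${snap.scriptURL}`);
  }
  const oddTags = snap.syncTags.filter((tag) => !policy.syncTags.has(tag));
  if (oddTags.length > 0) {
    findings.push(`unexpected background sync tags: ${oddTags.join(', ')}`);
  }
  return { scope: snap.scope, scriptURL: snap.scriptURL, findings };
}

// Reduce a ServiceWorkerRegistration to the fields the check needs.
async function snapshot(reg) {
  const worker = reg.active || reg.waiting || reg.installing;
  // SyncManager is not available in every browser, so treat it as optional.
  const syncTags = reg.sync && reg.sync.getTags ? await reg.sync.getTags() : [];
  return { scope: reg.scope, scriptURL: worker ? worker.scriptURL : null, syncTags };
}

// container is navigator.serviceWorker in a browser, or a stand-in like the one below.
async function auditOrigin(container, policy = POLICY) {
  const reports = [];
  for (const reg of await container.getRegistrations()) {
    reports.push(assessRegistration(await snapshot(reg), policy));
  }
  return reports.filter((report) => report.findings.length > 0);
}

// Constructed stand-in for navigator.serviceWorker: one expected worker, one not.
const SAMPLE_CONTAINER = {
  getRegistrations: async () => [
    { scope: 'https://app.example.test/',
      active: { scriptURL: 'https://app.example.test/sw.js' },
      sync: { getTags: async () => ['outbox'] } },
    { scope: 'https://app.example.test/promo/',
      active: { scriptURL: 'https://app.example.test/promo/worker.js' },
      sync: { getTags: async () => ['keepalive'] } },
  ],
};

const container = typeof navigator !== 'undefined' && navigator.serviceWorker
  ? navigator.serviceWorker : SAMPLE_CONTAINER;
auditOrigin(container).then((reports) => console.log(JSON.stringify(reports, null, 2)));
```

`getRegistrations()` only returns registrations for the origin of the page it runs on, so this audits your own site rather than everything stored in the browser.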

617 Million Account Details Put On Sale on the Dark Web


Details of approximately 617 million accounts, including names of account holders, their passwords and their email addresses, have been put on sale by hackers on the dark web. 16 websites, including some well-known ones like Dubsmash, MyFitnessPal and ShareThis, have been targeted.

Although there have been no reports of any financial data like credit card details or banking passwords being compromised, there is a threat of the location data, the social authentication keys and the personal data of the users being on sale.

A report by The Register, a British technology news and opinion website, states that “The above mentioned information is available for less than $20,000 in Bitcoin.”

While some of the previously mentioned sites, such as Animoto, MyHeritage and MyFitnessPal, knew about the security breaches on their platforms and had already informed their users about the issue, the breaches reported on some other sites were new and had not been reported before.

Both 500px and EyeEm have taken appropriate measures and informed their users about the breach, while requesting them to change their passwords as a prudent step.

The list of websites affected by the hack includes: Dubsmash (162 million accounts), MyFitnessPal (151 million accounts), ShareThis (41 million accounts), Animoto (25 million accounts), MyHeritage (92 million accounts), 500px (15 million accounts), Artsy (1 million accounts), Armor Games (11 million accounts), BookMate (8 million accounts), Whitepages (18 million accounts), EyeEm (22 million accounts), 8fit (20 million accounts), HauteLook (28 million accounts) and Fotolog (16 million accounts).