RESOURCE
Page

As consumers implement a variety of connected devices, to include smart speakers and security systems, among others, the larger the potential attack surface. This is particularly important as employees of many organizations have adapted to remote work, with more endpoints attempting to reach company networks.

Many sites on the deep and dark web can quickly go from providing valuable, nonmalicious programming resources, to fully dedicated repositories for stolen data and attack methods. The forums of the gaming hacks and Twitch exploits analyzed in this report contain hundreds of thousands of posts referencing carding/fraud techniques, and credit card data for sale.

Narrowing in on the dark web drug economy reveals a microcosm of how illicit economies adapt to such crises, showcasing the unique rule of the internet in providing flexibility and resilience to illicit activities.

If there’s one thing that is certain on the dark web, it’s that these threat actors sensed an opportunity last month when the U.S. government announced it would deposit checks into the accounts of millions of Americans. And multiple news sources have noted that the stimulus checks and the forgivable loans made under the Paycheck Protection Program (PPP) were attractive targets for a myriad of fraud schemes. 

At the end of 2019, account takeover (ATO) fraud accounted for 16% of fraud-related losses. The dark web provides fraudsters with intelligence that enables them to infiltrate your customers’ accounts without raising any suspicions. Once activity in a compromised account goes undetected, the potential for loss is much higher than with stolen credentials fraud.

The worldwide Coronavirus pandemic has forced millions of people to adapt their lives and work from home. With this new normal came a quantum leap in the use of video conferencing apps such as Zoom—along with many users unfamiliar with the technology—has created an opening for hackers and internet trolls.

While the overwhelming majority of discourse surrounding COVID-19 is informational, there is a troubling rise in malicious intent, as threat actors seek to monetize this crisis through a variety of illegal methods. We must caution that the dark web is a testing ground of malign ideas; if an actor shares a “success story” of how he made money, many copycat attacks should be expected in the immediate future.

Dark web activity is very often focused on computer viruses. Sometimes, however, it takes a virus of another kind—biological—to remind us of the dark web’s original intended use, as a medium for anonymous communication between individuals, unimpeded by governments and geography. Undoubtably, many want to discuss COVID-19 on more secure channels, including those wishing to avoid Chinese state surveillance. Accordingly, we noted interesting patterns of discourse in secure messaging apps, such as Telegram, QQ, and Discord, as well as a spike in discourse on deep and dark web forums.

What kind of activities are really happening on the Dark Web? How much is myth and how much is real? Organizations from all industries need to understand the importance of monitoring the Dark Web to prevent future threats and attacks that could be costly and tarnish their reputation.

Download our Ultimate Guide To Dark Web Intelligence to find out.

During the last six months of 2019 (H2-2019), 76,230,127 compromised cards
were offered for sale by threat actors in illegal credit card markets monitored
by Sixgill in the deep and dark web. In H1-2019, 23,319,709 cards were offered
for sale.

SIM swapping is a form of identity theft through social engineering, in which an attacker convinces a wireless carrier to port a phone number from the victim’s SIM card to a SIM belonging to the attacker. Once in posession of the victim’s phone number, the attacker can take control of any account that uses an SMS/call to authenticate login or reset passwords, including email, bank accounts, and cryptowallets.

As the holiday shopping frenzy officially begins around the Thanksgiving period, many consumers will turn to e-commerce stores to make their purchases. Given the increase in commerce during the holiday period, threat actors will capitalize on this increased spending for their own gain.

What kind of activities are really happening on the Dark Web? How much is myth and how much is real? Organizations from all industries need to understand the importance of monitoring the Dark Web to prevent future threats and attacks that could be costly and tarnish their reputation.
Download our Ultimate Guide To Dark Web Intelligence

Autoclickers are software that simulates clicking, i.e. user interaction, with a computing device. While they can have legitimate uses, threat actors have found several ways to improve and weaponize them. Sixgill has identified many autoclickers distributed on the underground, including some that employ sophisticated methods to mimic human actions and bypass antivirus software.

Credit card sniffers are relatively few lines of malicious code that are injected into payment pages of e-commerce sites. Sniffers copy input credit card information and send it to the attackers’ servers. These attacks are difficult to detect, as sniffers are generally small and stealthy, blending in with legitimate elements of a website. While making a purchase on a reputable site, an e-commerce client can unknowingly be victimized by this type of attack.

The criminal cyber-underground has long been fertile ground for financial fraud. With increasing overall activity in underground forums and the global transition to economies based on payment cards, malicious activity targeting compromised credit cards is as rampant as ever.

In the first six months of 2019, 23,319,701 compromised credit cards were offered for sale in the underground deep and dark web stolen credit card markets monitored by Sixgill.

CVEs (Common Vulnerabilities and Exposures) are lists of publicly available vulnerabilities and exposures related to software and hardware. Their purpose is to facilitate the sharing of data and to alert users of required actions to mitigate potential threats in the cyber world.

Nowadays, CVE identification and prioritization have become a prominent part of every vulnerability management tool, and an integral component in any risk assessment.

Cybercriminals dedicated to the practice of carding have proven their resiliency over the years, developing new techniques to successfully circumvent the continuously evolving anti-fraud measures deployed by the financial and retail industries, and adapting many of the old techniques they employ. With the introduction of EMV card technology in 2015, the United States witnessed a decrease in fraud rates for card-present transactions. Nevertheless, the business of online carding has remained as relevant as ever. Credit card checking tools have remained a key element in sustaining high success rates of online carding.

The Digital gaming industry grossed over $100 billion in 2017. With more than 125 million players and revenues of over 300 million dollars every month, the online multiplayer game “Fortnite” has rocketed to the top of the online gaming industry, surpassing established giants like “World of Warcraft” and “Minecraft”.  Fortnite’s format and popularity have drawn the attention of cyber criminals, and resulted in a thriving criminal eco-system around the game.

Threat actors are constantly looking for quick and easy ways to commit fraud, and document forgery is a significant part of that effort. These fake documents can serve a number of illicit purposes, from providing proof of residence for a false identity, through creating legitimate business accounts under that identity, to even traveling internationally using fake biometric passports.

The competition between legitimate authorities and the fraudsters who attempt to dupe them, is likely to continue for years to come. While encryption and identification technologies are constantly improving, threat actors find ways keeping up with these developments. As long as there’s gain to be had, cyber criminals will continue to manufacture and sell forged documents in the deep and dark web.

Although the practice of alerting the public with new CVEs (Critical Vulnerabilities and Exposures) is a crucial component in contemporary cyber-security strategy,  Dark Web threat actors are actively searching for new vulnerabilities and investing considerable effort in finding ways to exploit them before organizations can protect themselves.

Cybercriminals have managed to redirect web-based crypto-wallet DNS queries to a malicious mirror website. By doing so, they were able to steal $17m in Ethereum.1 The hackers pulled off a BGP (Border Gateway Protocol) hijacking attack on the website’s DNS service host, causing it to receive a false IP address and direct users to a phishing website. As a result, the users became victims of the attack, losing their stored wallet’s crypto-currency.

During the last few months, global corporations have been extremely busy with implementing the needed changes in order to be compliant with the upcoming GDPR regulation. While this happens, cyber-threat actors are preparing themselves for the possible consequences, without a clear picture of whether GDPR will hurt them or benefit them.

In this investigative report, Sixgill analyzes how the exponential growth in the value of bitcoin has inadvertently disrupted the dynamics of the cybercrime economy, and put criminals at an unprecedented crossroads, bringing speculation and uncertainty to the core of financially motivated cybercrime.

In Sixgill’s latest threat report, malicious activity of the Slovakian “Anonymous” group was found in the Deep Web message board ‘Hidden Answers’, where threat actors were looking to recruit accomplices for an operation targeting NATO and EU websites.

The second half of 2017 has been very rocky for Dark Web markets.  Two of the largest Dark Web markets were taken down by law enforcement in 2017, AlphaBay and Hansa, the latter being run for a while by law enforcement without users knowing. For a variety of reasons, Dark market vendors are looking for alternative platforms and methods to protect themselves while carrying on their business.

Similar to other verticals, the health care industry is vulnerable to cyberattacks that can cause tremendous damage, both to the medical organizations themselves and to their patients. Download new Sixgill Threat Report on the vulnerability of the Health Care Industry.

Ever wonder what the Dark Web really is? How it got started? How it became the dangerous place it is? More importantly, what kind of threats are lurking out there, why you need to know about them and what you can do about them? Sixgill has released a White Paper that takes a look at the Dark Web and answers these questions. 

A wealth of security-related information can be found on Telegram, a secure encrypted messaging application operating in the deep web. During the past couple of years, the German-Russian-based Telegram application has emerged as the jihadists’ preferred application for encrypted communications. Looking at examples from just the past few months regarding the use of new weapons by “The Islamic State” (ISIS) demonstrates just how prevalent this trend has become.

Why put Sixgill Dark-i on your radar?
Today, the dark web conceals a vast underworld of cybercriminals who are collaborating and cooperating on exploits, as well as sharing methodologies. There is clearly a need for platforms suchb as Dark-i so that the enterprises who are targeted by these individuals and gangs can investigate who is focusing on them, what attacks vectors they are using, and how they go about their business,enabling them to organize and structure their response.

Sixgill researchers encountered a post in one of the leading, closed Russian cybercrime message boards. The author of the thread announced a RAT dubbed Proton, intended for installation exclusively on MAC OS devices. The author offered this product in one of the leading underground cybercrime markets. This report contains information about the malware which has drawn extensive interest in the industry. As a result of this discovery, Sixgill was written up in numerous industry articles.