#deepweb | The Deep and Dark Web Analysis

Source: National Cyber Security – Produced By Gregory Evans

Dark Web Analysis By Anna Chung, Principal Researcher at Unit 42, Palo Alto Networks


Within the Deep and Dark Web, ransomware attacks are expected to continue in 2020. This year, my team and I came across an increasing number of threat actors selling ransomware, ransomware-as-a-service, and ransomware tutorials. Underground products and services like these enable malicious threat actors who are not technically savvy to enter the game.

Threat actors will continue exploring new methods to monetise compromised IoT devices, beyond IoT botnets and IoT-based VPNs, due to the uncapped profit potential. IoT devices remain a popular target among hackers, mostly because IoT security awareness and education are not as prevalent as they should be, and the number of IoT devices will continue to grow exponentially as 5G develops and becomes mainstream.

We’re continuing to see instances where the failure to configure containers properly leads to the loss of sensitive information and, as a result, default configurations are posing significant security risks to organisations.

Misconfigurations, such as using default container names and leaving default service ports exposed to the public, leave organisations vulnerable to targeted reconnaissance. The implications can vary greatly, as we’ve already seen simple misconfigurations within cloud services lead to severe impacts on organisations.

Dark Web Analysis: Authentication Mechanism

When a company is beginning to address or prepare for these types of attacks, it’s important they never expose a Docker daemon to the internet without a proper authentication mechanism. Note that by default the Docker Engine (CE) is not exposed to the internet. Key recommendations include:

  • Incorporate Unix sockets – Using these allows you to communicate with the Docker daemon locally, or to use SSH to connect to a remote Docker daemon.
  • Leverage the firewall – Whitelist incoming traffic from a small set of sources in your firewall rules to add an extra layer of security.
  • Caution against the unknown – Never pull Docker images from unknown registries or unknown user namespaces.
  • Employ always-on searches – Frequently check for any unknown containers or images in your system.
  • Identify malicious containers and prevent cryptojacking activities – When a new vulnerability in the internal container environments is revealed, it is critical to patch it quickly, as attackers will be in a race to exploit any systems they can access. Having tools that actively scan your environment for known vulnerabilities and provide alerts on dangerous configurations can help to maintain the security of all container components consistently and over time.
  • Integrate security into DevOps workflows – This allows your security teams to scale their efforts in an automated way. Developers have a lot of power in the cloud, and your security needs to be able to keep up.
  • Maintain runtime protection – As your organisation’s cloud footprint grows, being able to automatically model and whitelist application behavior becomes a powerful tool for securing cloud workloads against attacks and compromises.
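An added example (not code from the article or from Palo Alto Networks) that turns two of the recommendations above into an offline check: it flags any TCP listener in a daemon.json that lacks tlsverify or is bound on all interfaces, and flags any image whose registry/namespace is outside an allow-list. The daemon.json documents, image list, certificate paths and registry names are constructed placeholders.

```python
"""Audit Docker daemon exposure and image provenance offline.

Added example, not code from the article or from Palo Alto Networks: it
applies two of the recommendations above (no unauthenticated TCP API, no
images from unknown registries or namespaces) to a daemon.json document and
an image list. All inputs are constructed samples so it runs without Docker.
"""
import json
from typing import List, Set, Tuple

# Constructed weak daemon.json: the API listens on every interface over plain
# TCP (2375 is the conventional unencrypted port) with no TLS client
# verification, so anyone who can reach the port controls the host.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed hardened daemon.json: the local Unix socket plus a TCP listener
# on a single internal address that requires client certificates (tlsverify).
# Certificate paths are placeholders.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

ALL_INTERFACES = {"", "0.0.0.0", "::", "[::]"}


def audit_daemon_config(raw_json: str) -> List[str]:
    """Return findings for a daemon.json document; an empty list means clean."""
    cfg = json.loads(raw_json)
    # dockerd defaults to the Unix socket when "hosts" is absent.
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not network-reachable
        bind, _, _port = host[len("tcp://"):].rpartition(":")
        if bind in ALL_INTERFACES:
            findings.append(f"{host}: API bound on all interfaces")
        if not tls_verify:
            findings.append(f"{host}: TCP API without tlsverify (unauthenticated)")
    return findings


def parse_image_ref(ref: str) -> Tuple[str, str, str]:
    """Split an image reference into (registry, namespace, repository).

    Follows Docker's resolution rules: a leading path component containing a
    '.' or ':' (or equal to 'localhost') is a registry, otherwise the registry
    is docker.io; a bare name such as 'nginx' lives under 'library'.
    """
    name = ref.split("@", 1)[0]  # drop a @sha256:... digest
    parts = name.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    else:
        registry = "docker.io"
    parts[-1] = parts[-1].split(":", 1)[0]  # drop the :tag on the last component
    if len(parts) == 1:
        return registry, "library", parts[0]
    return registry, parts[0], "/".join(parts[1:])


def audit_images(images: List[str], allowed: Set[str]) -> List[str]:
    """Return image refs whose registry/namespace is not on the allow-list."""
    flagged = []
    for ref in images:
        registry, namespace, _ = parse_image_ref(ref)
        if f"{registry}/{namespace}" not in allowed:
            flagged.append(ref)
    return flagged


# Constructed sample of `docker images --format '{{.Repository}}:{{.Tag}}'`.
SAMPLE_IMAGES = [
    "nginx:1.25",
    "registry.example.com:5000/payments/api:2.3.1",
    "random-user/unreviewed-tool:latest",
    "ghcr.io/unknown-org/tool:v1",
]
# Allow-list of trusted registry/namespace pairs (constructed).
ALLOWED = {"docker.io/library", "registry.example.com:5000/payments"}


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"{label} daemon.json:", audit_daemon_config(doc) or ["no findings"])
    print("images from unknown sources:", audit_images(SAMPLE_IMAGES, ALLOWED))
```

On a real host, feed it the contents of /etc/docker/daemon.json and the output of the docker images command shown in the comment.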

Many data breaches today are driven by financially motivated cyber threat actors, and this type of attacker prefers targets that hold rich personally identifiable information (PII), including financial institutions, hospitals, hotels, airlines, and almost all e-commerce sites.

From an underground economic perspective, this is data that can be quickly monetised and resold multiple times. Different data has different buyers, but, broadly speaking, among PII payment information is preferred because it enables card-not-present fraud. Sites that process and collect individual payment information are therefore typically more attractive to attackers.

While we have seen a certain amount of cyber-offensive behavior using AI, such as identity impersonation using deepfakes, we are still in the very early stages of seeing the full potential of AI-enabled attacks. On the flip side, we are seeing an increase in cyber defenders using AI to detect and mitigate threats.

Dark Web Training

Businesses and CSOs should prioritise security awareness training for all employees, going beyond explaining how cyber-attacks occur and how they may impact an organisation as a whole, and educating the workforce at the individual level on proactive steps they can take to identify and prevent security attacks. Simple exercises, such as phishing email detection tests or software update reminders, help raise security awareness among employees, make daily operations more secure and help reduce the success rate of attacks.

One of the major security challenges facing today’s digital age is the fact that there are too many devices and security policies in place, making it difficult to monitor and maintain. Prioritising highly-automated security solutions that cover multiple environments will increase visibility and control over the entire operational environment by simplifying the management process, reducing costs and freeing up more time to identify the existing pain points and future roadmaps.


The post #deepweb | The Deep and Dark Web Analysis appeared first on National Cyber Security.

#deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web

Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director responded on Weibo that the Internet security community was merely “overreacting.” “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” instead of a direct drag from Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media admitting that the data leak is real, while no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers brute-forced data through the Weibo interface, that is, used the address book matching interface to enumerate phone number segments and find the corresponding user nicknames. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network’s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information, including name, email, home address, mobile phone number, Weibo account number and password, on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some users’ license plate numbers and previous passwords could be found. The chat app Telegram is a major platform where transactions for the leaked data are conducted.

#deepweb | The “Apollon” Dark Web Marketplace Might Be Exit-Scamming

  • The “Apollon” marketplace is most likely exit-scamming and has been in the process for many weeks now.
  • Users and platforms who reported this news and warned others were DDoSed, possibly by Apollon.
  • Someone claimed that Apollon’s admin had their identity leaked, and is now trying to muddy the waters.

Seeing darknet marketplaces exit-scamming isn’t something unusual. There is no customer-brand trust relationship to protect, there is no credibility stemming from anything tangible, and these platforms simply don’t respect their members. Everyone joins marketplaces to sell or buy illegal goods and services, so they’re in a dangerous, risky, and untrustworthy place. Thus, we often see marketplaces suddenly grabbing all the deposits of their members’ wallets, sending everything to their personal crypto coin stash, and then shutting down the website. Recent dark web rumors say that “Apollon” might be the latest marketplace in the process of doing precisely that.

According to a report by “digital shadows,” Apollon initiated the process of exit-scamming on January 26, 2020. Around that time, its operators started launching DDoS (Distributed Denial of Service) attacks against other English-language forums and marketplaces on the dark web. The vendors who were locked out of their accounts naturally went elsewhere to post about the problem and about the fact that Apollon was exit-scamming. Hence, the marketplace operators thought it would be a good idea to try and silence them by DDoS-bombing their websites.

Screenshot: Apollon DDoS (Source: Digital Shadows)

The Torum administrators added a permanent banner on the forum to warn everyone about Apollon’s ongoing exit-scam. At the same time, the Kilos search engine announced they would delist all Apollon offerings from their index. Apollon responded by DDoSing Torum, Empire, Dread, DarkBay, DarkMarket, Avaris Market, Envoy, The Hub, Avengers, and possibly many more. The fact that Apollon stayed online during the DDoS attacks was a telltale sign for many that the marketplace was behind the attacks. At the same time, the Apollon admins chose not to respond to the allegations, while some moderators openly claimed that they suddenly lost their privileges on the platform.

Source: Digital Shadows

Amidst this situation, a Torum user reported something interesting that introduces an alternative explanation for Apollon’s actions. He claimed that Apollon’s server had a flaw that resulted in a leak of the site’s IP address, and so the admin’s identity was on the line. The admin was allegedly extorted by the person who held this info but denied paying a ransom. Thus, the DDoS attacks are an effort to hinder the dissemination of this sensitive information. Right now, Apollon remains online and still doing business, so it’s unclear if they are really exit-scamming or not. Possibly, they are now trying to make the most out of Apollon by grabbing the deposits of the last remaining unsuspecting victims before they shut down the platform for good.

#deepweb | 17 things you can buy on the Dark Web

The “Dark Web” is commonly associated with criminal activity, hacking, and other controversial topics, but it is not illegal by nature.

However, it is a common tool among criminals due to the anonymity of the Tor Browser which is required to access it.

Ordering various products for delivery is also possible on the dark web, including drugs and fake credit cards.

Various services are offered to visitors of specific websites, too, including hacking and assassination services.

Using Tor, we visited several marketplaces that offered guns, drugs, illegal services, fake goods, and malware through a similar interface to a regular online store.

Additionally, it must be noted that the dark web not only plays host to a variety of illegal marketplaces but is also used to distribute illegal material.

MyBroadband in no way endorses these aspects of the dark web and many of the items shown below are illegal. This article is for information purposes only.

Below is a list of what we found on the dark web, with prices converted from Bitcoin to rand at the time of writing.

  • Credit card dumps – R348
  • Marijuana (227g) – R7,106
  • Counterfeit gold bar – R1,108
  • “Gucci” Hoodie – R554
  • “Air Jordan” 1 Low sneakers – R1,232
  • Bitcoin ransomware bundle – R143
  • Fake IDs and driver’s licences – R4,028
  • 330ug LSD Blotters – R4,742
  • Crack cocaine (0.5g) – R932
  • Aviator Blue “Ray-Ban” sunglasses – R80
  • $5,000 in counterfeit US bank notes – R11,177
  • Cryptocurrency trading tips – R639
  • Heroin (5g) – R5,435
  • Desert Eagle 357 handgun – R12,724
  • Custom AK 47 rifle – R23,876
  • Barrett M107A1 rifle – R33,419
  • FN PS90 rifle – R10,341

#deepweb | Smoke DZA Enlists T-Pain On “Dark Web”

Smoke DZA dropped off A Closed Mouth Don’t Get Fed this past week, and fans are calling it some of his best work. DZA has been dropping gems for years, but his latest project just has a certain vibe to it. It’s futuristic but still grounded in the present. “Dark Web” featuring T-Pain highlights this fact. A majestic instrumental comprised of an eastern sounding synth and high energy kicks set the background for DZA to drop braggadocious bars. 

T-Pain has never lost it and it doesn’t look like he will anytime soon. He comes through with a truly spectacular chorus that is reminiscent of early T-Pain. He’s still the best sounding artist in autotune, using harmonization to really hammer home the vibe of the record. “Dark Web” is radio and club ready, but it is also a track you can bump in the car or at home. 

Quotable Lyrics
You can never underestimate genius
My old lady asking for space
A may fuck around, give her Venus
You can see the coldness all in my pose
They like, “how he flex so seamless?”

#deepweb | How to Get Dark Mode Everywhere in Safari for Mac

Browsing the internet late at night isn’t exactly a fun experience when you’ve got websites flashing white backgrounds and gnashing their teeth at you. If Safari is your go-to browser on the Mac, then I’m sure that is a problem. It’s natural to want the Dark Mode everywhere in Safari when you are browsing.

So, you have Night Shift. But sometimes, there’s nothing like dark mode to lessen the strain on your eyes. However, enabling dark mode in Safari is easier said than done. The browser does sport the ability to switch to a dark theme. But that doesn’t really have an impact on the majority of websites out there.

If you want dark mode everywhere, then let’s check out what you must do below. Let’s start with how to enable the dark theme in Safari.

Note: The following instructions apply to Safari v13.0 running on macOS Catalina.

Enable Dark Mode for Websites in Safari

Thankfully, there are a couple of ways that you can easily use to get websites — the ones that don’t sport a native dark theme — to render in dark mode. The first method involves using Reader View. The second method requires you to use an extension.

1. Use Reader View

Reader View is a built-in Safari functionality that strips ads and other unwanted elements from webpages and presents them in an easily readable format. It also lets you change the default white background color to black. Couple that with Safari’s dark theme, and you’ve got full-fledged dark mode functionality in your hands.

But there’s a catch — Reader View can’t be enabled everywhere. Usually, it’s limited to blog posts and articles, such as the one that you are reading right now. Regardless, let’s check it out in action.

Step 1: Click the Reader View icon at the left of the Safari address bar. Keep in mind that this icon only shows up on Reader View-supported web pages.

Step 2: Click the aA icon at the right of the Safari address bar, and then switch to the darkest background color. You only have to do that once, since Safari remembers your preference automatically.

And voila! That should render the page in complete dark mode. Perfect.

By default, you must enable Reader View manually each time you visit a webpage. If that gets tedious, you can set it to kick in automatically on supported webpages. Here’s how to do that.

Step 1: Click Safari on the menu bar, and then click Preferences.

Step 2: Switch to the Websites tab, and then click Reader on the left pane.

To enable automatic Reader View for websites that are open in Safari, click the menu next to each listed website underneath the Currently Open Websites section, and select On.

To enable other websites to always switch to Reader View, click the menu next to When Visiting Other Websites, and then select On.

Exit the Preferences window. Safari will automatically switch to Reader View whenever you visit a page that supports the functionality.

2. Use a Safari Extension

Dark mode with Reader View works well, but it doesn’t function on all websites and webpages. It is apt if you read a lot at night, but not ideal for web browsing in general.

If you want dark mode just about everywhere, you must resort to using a Safari extension. However, almost every dark mode extension that I ran into on the Mac App Store required a fee. Sadly, this included the fantastic Dark Reader extension, which is available free of charge for Chrome and Firefox.

But eventually, I did come across an extension that didn’t ask me to pay upfront — Night Eye. Here’s how to install and enable it.

Step 1: Install Night Eye via the Mac App Store.

Step 2: Open Safari Preferences.

Step 3: Click the Extensions tab, and then check the box next to Night Eye.

And that’s it. Every website you come across, except a very few such as Google Docs, should now render in dark mode.

The extension works quite well, and even sports the ability to work alongside the system color scheme, controls to adjust brightness, contrast, and saturation, etc. To access these options, click the Night Eye icon to the left of the address bar.

However, Night Eye isn’t totally free. You need to pay to keep using some of the advanced features in the extension after three months. The supposed ‘Lite’ version that it switches to afterward limits you to using dark mode for up to five websites.

If you like the extension, you can buy it. But I don’t recommend doing that. Its price is quite steep at $8.99 for a one-year subscription or $39.99 for a one-off license. Instead, Dark Reader for Safari only requires a one-time fee of $4.99. There are also multiple other dark extensions — such as Dark Mode for Safari — that you can find on the Mac App Store for just $1.99.

#deepweb | Dark Web Fentanyl trafficker, ‘The Drug Llama,’ sentenced to 13 years in federal prison

ST. LOUIS – Melissa Scanlan, known as ‘The Drug Llama,’ has been sentenced to 160 months in federal prison in the United States District Court for the Southern District of Illinois for trafficking fentanyl throughout the United States via the ‘dark web,’ engaging in an international money laundering conspiracy, and distributing fentanyl resulting in death.

This case was part of a months-long, coordinated national operation involving the Drug Enforcement Administration St. Louis Division, the Food and Drug Administration – Office of Criminal Investigations, the United States Postal Inspection Service, the Department of Homeland Security, United States Customs and Border Protection, the United States Attorney’s Office for the Southern District of California, and the United States Attorney’s Office for the Southern District of Illinois.

‘With accessibility of fentanyl, it is imperative that the Drug Enforcement Administration and its law enforcement partners exploit all distribution avenues utilized by drug traffickers in Scanlan’s case,’ said DEA St. Louis Division Special Agent in Charge William J. Callahan. ‘Scanlan distributed poison in our community that resulted in death and she is now being held accountable.’

The crimes for which Scanlan was sentenced are as follows: one count of conspiracy to distribute fentanyl, five counts of distributing fentanyl, one count of selling counterfeit drugs, one count of misbranding drugs, one count of conspiracy to commit international money laundering, and one count of distribution of fentanyl resulting in death. The 32-year-old San Diego native pleaded guilty to those charges in October 2019. Scanlan’s co-conspirator, Brandon Arias, 34, was previously sentenced to nine years in federal prison for his role in the conspiracy.

Facts disclosed in open court revealed that Scanlan and Arias created an account on ‘Dream Market,’ a dark web marketplace where users buy and sell illegal substances and services, and used that account to sell substantial quantities of narcotics while operating under the moniker, ‘The Drug Llama.’ The charged fentanyl distribution conspiracy lasted from October 2016 to August 2018, during which time Scanlan sold approximately 52,000 fentanyl pills throughout the United States.

According to court records, Scanlan and Arias made over $100,000 from their dark web drug trafficking and split the money evenly. Court records also demonstrated Scanlan’s participation in an international money laundering conspiracy with Mexican cartel members, as well as her role in aiding and abetting the distribution of fentanyl pills to a woman identified as A.W., who later died.

Commenting on the case, U.S. Attorney Steven D. Weinhoeft assailed the culture of criminality that exists on the dark web.

‘Criminals like Melissa Scanlan who recklessly flood our communities with opioids may think they can evade detection in the shadowy corners and back alleys of the internet,’ said U.S. Attorney Weinhoeft. ‘But they will find no quarter there. Where they go, we will follow. With the collaboration of outstanding investigators at our partner agencies, we will use every tool and method available to find these people and prosecute them to the fullest extent of the law.’

‘Illicit opioid distribution, whether online or through conventional drug distribution methods, and the resulting overdoses and deaths, are a continuing national crisis. Those who contribute to that crisis through their illegal actions will be brought to justice,’ said Special Agent in Charge Charles L. Grinstead, FDA Office of Criminal Investigations Kansas City Field Office. ‘We are fully committed to disrupting and dismantling illegal prescription drug distribution networks that misuse the internet at the expense of public health and safety.’

The dark web is an underground computer network that is unreachable by traditional search engines and web browsers, creating a seeming anonymity to users. This false cloak has led to a proliferation of criminal activity on dark web marketplaces, like the one used by Scanlan and Arias.

#deepweb | Indian authorities arrest their first crypto dark web drug dealer

  • The suspect, Dipu Singh, is accused of selling psychotropic and prescription pills on the dark web.
  • He was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act.

In an investigation done by the Narcotics Control Bureau (NCB), India has caught its first darknet crypto drug dealer. The authorities have seized 55,000 tablets in the arrest. The NCB participated in “Operation Trance” – a multinational crackdown on illicit dark web drug sales using couriers, international postal services, and private parcel deliveries.

Global post offices and international courier services were used as the logistics for the illicit trade. Cryptocurrency payment gateways were used by the operators to conceal the transactions from law enforcement agencies.

The accused, Dipu Singh, is a 21-year-old whose father is a retired army officer. Singh is accused of selling many psychotropic and prescription pills on the dark web and shipping them to the US, Romania, Spain, and other countries.

He started out by selling health supplements and erectile dysfunction medication on major dark web markets. Later, he began selling tramadol, zolpidem, alprazolam and other psychotropic prescription medications. The suspect was taken into custody by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act. 

#deepweb | Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web

If you’re wondering what this seemingly random set of words means, that is how a fresh database of 461,976 payment card records, currently on sale on Joker’s Stash, a popular underground cardshop on the dark web, has been listed.

Group-IB, a Singapore-based cybersecurity company specialising in preventing cyber attacks, which detected the database, says that over 98% of the cards in this database were issued by Indian banks.

At the moment, the source of this new breach is unknown. The card records were uploaded on the 5th of February, and the total estimated value of the database, according to Group-IB, is USD 4.2 million, at around USD 9 apiece. As of yesterday morning, 16 card records were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.

The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In). The Economic Times will update this story as and when we hear from CERT-In on the steps they have taken.

With the sharp rise in digital payments in India and a lack of corresponding rise in awareness of the best practices to use payment cards safely online and offline, the country has become an attractive destination for nefarious elements online.

This newest breach has, according to Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October, when 1.3 million credit and debit card records, mostly belonging to Indian banks’ customers, were uploaded to Joker’s Stash with an estimated underground market value of USD 130 million, in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

They also say that unlike earlier breaches what “distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”

Shestakov adds “such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.”

#deepweb | Indian Government Emails Found Wandering on the Dark Web

  • Hundreds of email IDs and plaintext passwords belonging to Indian organizations are available on the dark web.
  • The emails may have been shared among crooks for quite some time, but this has just been discovered.
  • It is time for crucial government entities to use 2FA, and even better, 2SV physical security keys.

Researcher Sai Krishna Kothapalli has found 3202 email IDs on the dark web belonging to people working in the Indian government and various organizations of the state. The infosec expert has been collecting data from dumps on the dark web for the past four years, creating a humongous database of 1.8 billion email IDs and passwords. According to him, approximately 85% of the passwords he holds are in plain text form, while the others have been dehashed by hackers over the years. After analyzing this trove of data, Kothapalli recently found some ending with “.gov.in”.

365 of the email IDs belong to employees of the ‘Indira Gandhi Centre for Atomic Research’. Trailing just behind is the ‘Bhabha Atomic Research Centre’ with 325 email IDs. In third place is the ‘Securities and Exchange Board of India’ with 157 emails. In total, the 3202 emails belong to 12 entities, as shown in the graph below.


The researcher tried to correlate his findings with the “Have I Been Pwned” service and found no entries there, so this was a fresh discovery. The conclusion he drew was that this data must be the product of a targeted phishing campaign, since there were no recorded breaches. This means that the employees who have had their IDs and passwords stolen could be at risk of having their accounts taken over. The employees may have changed their passwords in the meantime, but the chances of credential stuffing attacks against other accounts belonging to the same people remain high.

The researcher is still investigating the data and is in the process of contacting the governmental organizations to alert them about his findings. He points out that when he started investigating this, he was approached by someone who posed as an NDTV reporter. After additional research, he discovered that the email accounts used to contact him had been compromised in the previous months and that news reports at the time attributed this to North Korean hackers.

So, could this all be the work of state-supported actors from North Korea? It’s quite possible, but nothing can be said with certainty until the investigation is concluded. Right now, the important part is to secure the email accounts by resetting the credentials as soon as possible. Also, and as the researcher points out in his report, it is high time for the government and its organizations to adopt two-factor authentication for the email accounts of their employees, or even better, physical security keys.
