<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://www.securityweek.com/where-theres-will-theres-way-beyond-dark-web-marketplaces">https://www.securityweek.com/where-theres-will-theres-way-beyond-dark-web-marketplaces</a><br><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Nearly a year has passed since the takedowns of<span> </span><a href="https://www.securityweek.com/dark-web-market-alphabay-goes-down" style="font-weight:700;text-decoration:none;color:rgb(0,118,180)">AlphaBay</a><span> </span>and<span> </span><a href="https://www.securityweek.com/us-european-police-say-dark-web-markets-shut-down" style="font-weight:700;text-decoration:none;color:rgb(0,118,180)">Hansa</a><span> </span>by law enforcement efforts that left many speculating about the future of dark web marketplaces. Expectations of an older, established market replacing AlphaBay, or the emergence of a new marketplace, have fallen short. Dream Market and Olympus are among those to have made a play, but no single marketplace has risen to the top, at least among the English-speaking community. And mistrust, fear and high barriers to entry are preventing new marketplaces from flourishing. 
But as the adage goes, “where there’s a will there’s a way.” So instead, we’re seeing cybercriminals rely on a patchwork of alternative solutions to conduct illegal, online trade.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Users are retrenching to more specialized forums dedicated to hacking and security, which often act as a platform for trade. Sites like CrimeNet, HPC, and Exploit[.]in contain many examples of threat actors offering products such as ransomware variants, exploit kits, compromised accounts and payment card data. These sites work on a direct transfer system where vendors and customers will communicate directly to arrange payment, often through messaging services such as Jabber. Typically, sellers will advertise their products on these forums, and then direct users to dark web sites to arrange payment. </span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Learning valuable lessons from the takedowns of AlphaBay and Hansa, administrators of these forums have been incorporating new technologies and processes for added security and trust among users. 
</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Some have been experimenting with a decentralized blockchain domain name system (DNS), which has no central authority and is deemed to make it much harder for law enforcement to take down criminal sites. Despite this promising model, the adoption of blockchain in this way hasn’t taken off yet, but it merits ongoing monitoring. Administrators are also updating processes to improve site security – advertising the store without revealing the domain, limiting new users’ access using mechanisms such as posting limits and area access restrictions to hamper law enforcement activity, or requiring multiple invitations or referrals from established members. </span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Another significant shift is that many cybercriminals are choosing to conduct their business away from </span></span><span style="font-family:"trebuchet ms",geneva;font-size:medium">dark web marketplaces and underground forums altogether. Increasingly, they are using their site to advertise their service and then directing users to dedicated channels on Jabber, Internet Relay Chat (IRC), Skype, Discord and Telegram to conduct their business. Buyers can contact sellers directly through peer-to-peer networks and private chat channels and execute transactions using cryptocurrencies or electronic payment services. 
With buyers and sellers spread widely across an increasingly decentralized community, the belief is that this will make things more difficult for law enforcement operations, which took advantage of having users congregated in a single, central location such as a marketplace.</span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">As cybercriminals incorporate new processes, technologies and communication methods to continue their operations and realize financial gain, businesses and consumers should remain vigilant. The data and services cybercriminals are advertising within dark web markets and forums point to four areas of concern:</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva"><span style="color:rgb(51,51,51)">● </span><strong>Payment card fraud</strong>: the sale of credit cards as well as carding support, such as </span></span><span style="font-family:"trebuchet ms",geneva;font-size:medium">manuals and support services.</span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva"><span style="color:rgb(51,51,51)">● </span><strong>Account takeover</strong>: user accounts for sale, including high-profile breaches, </span></span><span style="font-family:"trebuchet ms",geneva;font-size:medium">repackaged credential sets, and cracking software.</span></p><p 
style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva"><span style="color:rgb(51,51,51)">● </span><strong>Counterfeits</strong>: fraudulent documents, scans, currencies and luxury goods.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva"><span style="color:rgb(51,51,51)">● </span><strong>Insider threat</strong>: sharing of access to corporate networks and information.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Preventing your data from circulating within the cybercriminal ecosystem is a major challenge. But here are five general tips that can help reduce the chances of your data falling into the wrong hands:</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">1. Know where your most sensitive data resides, and then understand how a cybercriminal would monetize that data. 
</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">2. Monitor the open, deep and dark web for mentions of your business, brand or personal information.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">3. Increase your monitoring to cover peer-to-peer platforms and messaging channels that are increasingly being used by cybercriminals.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">4. Use unique and strong passwords on your most sensitive or personal accounts and enable multifactor authentication to prevent account takeovers.</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;padding-left:30px"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">5. Don’t forget about third parties. Contractors and suppliers with privileged access to your sensitive information are also a weak point. Monitor and secure your supply chain networks in the same way you would your own employees and assets. 
</span></span></p><p style="color:rgb(51,51,51);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:12px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:medium"><span style="font-family:"trebuchet ms",geneva">Despite the demise of AlphaBay and Hansa, and the success of law enforcement operations, illicit online business will continue, and the same data and services will remain valuable. It is the marketplaces, forums and communication channels that will change. By closely following these shifts and trends, and watching for new activities and actors across a variety of data sources – not just the dark web – security professionals can continue to take steps to mitigate the digital risk to their enterprises, partners and customers.</span></span></p><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>