Attackers on the dark web have become more active by the end of 2022

2023-03-15 23:59:34

By the end of 2022, illegal trade on the darknet began to recover after a sharp drop. During the second half of last year, the number of transactions with guarantors on the shadow Internet doubled, from 19,500 in June to 40,000 in December, according to a study by Kaspersky Lab (Vedomosti has a copy of the document). Guarantors are intermediaries whose services cybercriminals use to reduce risk when concluding transactions on the shadow Internet.

Kaspersky Lab analysts studied ads on 226 international forums and darknet platforms, as well as in 489 public Telegram channels used by cybercriminals. They found that over the past three years (2020-2022) the total number of messages on the dark web that mention the use of a guarantor in some way exceeded 1 million, of which almost 313,000 were published in 2022.

For most of last year, the activity of cybercriminals on shadow sites declined, including activity associated with guarantors, according to the study data. In particular, in January 2022 the number of ads mentioning guarantors was slightly more than 50,000, and in June it dropped to 19,500. This may be a consequence of the aggravated geopolitical situation: for many cybercriminals, the global crisis was the impetus to stop illegal activity temporarily or completely and to move to a new location at the expense of accumulated capital, analysts at Kaspersky Lab suggest.

In February-March 2022, traditional criminal activity on the dark web dropped to almost zero, explains Alexander Vurasko, an expert at the RTK-Solar external digital risk analytics center. This is because, after the Visa and Mastercard payment systems left Russia, the usual forms of payment for illegal goods became inaccessible, he continued. Restrictions on cross-border transfers and on the operation of bank cards “broke” a large number of international fraudulent schemes, confirms Ashot Oganesyan, founder of the DLBI data leak intelligence and darknet monitoring service. A substantial part of [criminal] schemes somehow included Ukraine, for example, with call centers of “bank security services”, and carders cashed out funds from stolen cards through Western online stores, the expert explained.

In October 2022, the number of mentions of guarantors, primarily in shadow Telegram channels, began to grow again, according to the Kaspersky Lab study. In December there were already about 40,000 such ads, i.e. the level of attacker activity recovered from the decline, approaching the figures seen at the beginning of the year.

On the shadow Internet, personal data of citizens and information about various companies (databases of employees or customers, corporate information, etc.) are put up for sale. Sellers also offer malware and access to the infrastructure of organizations, as well as services for collecting confidential information, withdrawing stolen money, conducting DDoS attacks, etc.

On the darknet, the bulk of illegal transactions go through a guarantor, as this ensures the security of the transaction for participants, say cybersecurity experts interviewed by Vedomosti. For its services, the guarantor takes a fixed amount or a percentage of the transaction, explains Nikolay Chursin, an analyst at the Positive Technologies information security threat analysis group. On many shadow forums, transactions through a guarantor, or even through a special service that works without human intervention, are mandatory, he noted.

The data showing a decline in darknet activity in the middle of 2022 refer specifically to the European market, including Russia and Ukraine, noted Igor Sobetsky, head of the Information Security Incident Investigation department at FBK CyberSecurity. According to him, the European events had very little effect on the American shadow market.

Over the past year, several leaders of darknet sites have been arrested, which has led to a certain lull, added Evgeny Kachurov, an information security expert at Axenix. But there are “successors” who can use the “reputation” of the previous site and offer the same services, he said.

By the end of the year, the criminal market partially recovered, criminal groups found new members, and special crypto exchangers appeared to withdraw stolen funds abroad, Oganesyan continued. Financial schemes have been adapted to new realities, and hacktivism, while maintaining a high level of hacker activity, has increasingly begun to give way to the traditional desire to make money, added Vurasko. As a result, according to him, the total number of transactions on the dark web and, consequently, the number of transactions through guarantors has increased.

Black market numbers are steadily returning to late 2021 volumes, Vurasko added. “Despite the fact that the black market, like any market, has its saturation limit, we can expect further growth in the number of transactions,” he said.

Vedomosti sent inquiries to Roskomnadzor and the FSB.
