Dark Web Digest – July 2024 Edition

This month’s digest brings some exciting and shocking news. Several very serious incidents happened on the dark web last month. From the leaked data of MPs to the Department of Justice story, these incidents are a warning that everyone should take safety measures at all costs. We already know some ways to stay safe against malware and dark web attacks; however, the threat is becoming more and more dangerous!

Below is some of the shocking news we saw last month in the world of the dark web. The insights and vulnerabilities in these incidents are helpful for staying alert to dark web attacks.

Majority of UK MPs have had their data leaked to the dark web

British politicians have had their data leaked to the dark web, with over two-thirds of them exposed. Out of 650 MPs, 443 have had personal data exposed on the dark web, mostly from third-party services they have signed up to via their parliamentary email addresses. 

This is compared to just 44% of EU MEPs. French deputies and senators had the best security, with only 18% of searched emails appearing in hacker exchanges. 

The data shows that politicians used their official email addresses to set up accounts on third-party websites, putting themselves and their information at risk. 216 plain text passwords associated with MPs’ accounts were exposed on the dark web, with parliamentary emails being the biggest piece of data involved. Cybercriminals often use the tactic of ‘credential stuffing’ to enter stolen passwords and emails into different platforms to gain access to different accounts. Some social media profiles were also affected, with 16 breaches of Instagram, 117 of LinkedIn, 21 of X, and 21 of Facebook.
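
How a defender can spot the credential stuffing described above in their own login records, as an added example that is not part of the original digest. The log format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP, username, outcome); the IPs
# come from documentation ranges and the usernames are made up.
SAMPLE_LOG = """\
2024-07-01T09:00:01 203.0.113.7 alice@example.org FAIL
2024-07-01T09:00:02 203.0.113.7 bob@example.org FAIL
2024-07-01T09:00:03 203.0.113.7 carol@example.org OK
2024-07-01T09:00:04 203.0.113.7 dave@example.org FAIL
2024-07-01T09:00:05 203.0.113.7 erin@example.org FAIL
2024-07-01T09:01:10 198.51.100.4 frank@example.org FAIL
2024-07-01T09:01:40 198.51.100.4 frank@example.org FAIL
2024-07-01T09:02:15 198.51.100.4 frank@example.org OK
2024-07-01T09:30:00 203.0.113.7 grace@example.org FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, outcome) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def find_stuffing(log, window=timedelta(minutes=5), min_users=4, min_fail_ratio=0.6):
    """Flag source IPs that try many distinct accounts in one window, mostly failing.

    A forgotten password shows up as repeated failures on ONE account; stuffing
    shows up as one or two attempts each across MANY accounts.
    """
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, *_rest) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            users = {e[2] for e in burst}
            fails = sum(e[3] == "FAIL" for e in burst)
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                # Successful logins inside the burst are likely compromised accounts.
                hits = sorted(e[2] for e in burst if e[3] == "OK")
                alerts[ip] = {"accounts_tried": len(users), "compromised": hits}
                break
    return alerts

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

Accounts listed under `compromised` are the ones to force a password reset on first, since the reused credential worked.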

Los Angeles schools investigating claims of data for sale on dark web

LAUSD is investigating a claim that certain district records are for sale online, stemming from a threat actor’s post on BreachForums offering to sell about 24 million records belonging to LAUSD for $1,000. 

The LAUSD spokesperson stated that they prioritize the privacy of students, families, and employees. The latest claims on compromised district data have yet to be verified by LAUSD. Kaustubh Medhe, vice president of research and threat intelligence at threat-intel firm Cyble, said that the records appear to have personally identifiable information, including student IDs, names, dates of birth, English proficiency status, special education status, home addresses, phone numbers, and parents’ names.

The information can lead to privacy concerns, but the fact that it’s only being sold for $1,000 indicates it lacks sensitive account-level information, making it less valuable for fraud but still significant for secondary attacks like phishing. A new ransomware group called Rhysida has emerged and strongly resembles Vice Society, suggesting that Satanic may be trying to monetize old data posted by the Vice Society group in 2022.

Google is making its dark web monitoring tool 

Google is integrating its dark web report feature into the ‘results about you’ section of the Google app this summer. 

Previously only available to paying Google One subscribers, the feature will now be available to all Google account holders. The dark web monitoring tool will provide detailed analysis of leaked personal data.

The new integration aims to enhance security by making dark web monitoring available to a broader audience. The dark web monitoring will become part of a combined solution with ‘Results about you,’ a feature that helps users find and request the removal of personal contact information from search results. 

This expansion comes after Google ended support for its Google One VPN tool due to lack of use by customers. Google aims to focus on more frequently used tools.

Police to probe reported fingerprint data sales on dark web

The Indonesian National Police are investigating reports that data from its Automatic Fingerprint Identification System (Inafis) was being sold on the dark web after a massive national database breach that temporarily crippled public services. 

The National Cyber and Crypto Agency (BSSN) revealed that a new variant of ransomware was used in the cyberattack on two temporary National Data Center (PDN) facilities, which affected databases managed by over 200 central and regional institutions. 

The cyberattack occurred around the same time that the BSSN discovered that data allegedly stolen from the police’s Inafis was being offered for sale on the dark web. The government is still trying to restore public services affected by the ransomware attack, although some services have been restored and are running normally, such as the Immigration Office under the Law and Human Rights Ministry.

Dark Web Sees 230% Rise in Singapore Identity Theft

Singaporean security researchers have found a 230% increase in dark web activity involving stolen identity information from citizens. Cybercriminals are selling these stolen documents, which can be used for fraud, identity theft, impersonation scams, and bypassing Know Your Customer (KYC) protocols. In April 2024, there was a significant increase in data dumps on the dark web, with thousands of records available for sale.

These records often include biometric data, which are reused for illegal activities, including deepfakes. Nation-state actors and foreign operatives are also interested in this data for intelligence gathering. 

A significant portion of the stolen data was found on XSS, a prominent underground forum. Cybercriminals are also selling templates for forged documents with advanced security features. Singpass accounts, which provide access to government and private sector services in Singapore, have also been found for sale on the dark web.

Preteen Girl’s 92% Instagram Followers Grown Up Men, Pics Found On Dark Web: Report

Instagram, a platform owned by Meta, has been a topic of discussion about online safety due to incidents of girls being targeted by predatory adults. 

A recent report in the Wall Street Journal (WSJ) revealed that 92% of a preteen girl’s US followers are grown men. The girl started her Instagram channel after being encouraged by her mother to become an influencer. The algorithm steered men with deviant sexual attraction to her page, resulting in unwanted comments and sponsored offers. 

The girl’s page’s follower count grew to over 100,000 within a year, and she started receiving sponsorship offers. However, the comments from grown-up male followers became worse when she launched a paid subscription for “super-fans.” Meta has maintained that it does not allow anyone under 13 to open accounts on their own, but it has not done enough to stop incidents like these. 

The site’s algorithms take users to their favorite content without any filter about its appropriateness. The girl’s mother moderates comments and does not allow certain types of photos, like swimsuit pictures. 

Last year, WSJ linked Instagram’s recommendation algorithms to a “vast network of paedophiles” seeking illegal underage sexual content and activity.

BlackBerry Cylance Data Offered for Sale on Dark Web

BlackBerry is investigating a potential data breach involving Cylance data being sold on the dark web. The cybercriminals are claiming to have 34 million customer and employee emails, personal information, sales prospects, and user and partner lists.

The data was accessed from a third-party platform and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio. BlackBerry is aware of the potential data breach and is currently conducting an investigation.

Emsisoft threat analyst Brett Callow noted that the Cylance data may have been obtained as a result of a recent campaign targeting customers of cloud data platform Snowflake. The campaign has impacted many organizations, including high-profile companies like Ticketmaster, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, Santander Bank, and State Farm. 

There is no evidence that the attacks involved a vulnerability in Snowflake systems or products, or that the vendor’s production or corporate systems have been compromised. BlackBerry does not confirm or deny that the data comes from Snowflake, but it is currently not a Snowflake customer.

Department of Justice on dark web marketplace arrest

The last news item is a marketplace arrest. Rui-Siang Lin, the creator of Incognito, has been arrested in the US for allegedly operating a $100 million dark web scheme to traffic deadly drugs. The FBI and Homeland Security Investigations New York have accused Lin of operating Incognito Market, one of the largest online platforms for narcotics sales, and of conducting $100 million in illicit transactions.

The site allowed anonymous transactions through a unique banking system that authorized cryptocurrency deposits and transfers, ensuring the anonymity of buyers and sellers. 

The FBI has also emphasized the ongoing work to disrupt illegal drug sales online, which often have tragic consequences. The Food and Drug Administration’s Office of Criminal Investigations has also weighed in, stressing their ongoing work to disrupt illegal drug sales online. 

If convicted, Lin faces several charges, including a mandatory life sentence for engaging in a continuing criminal enterprise, narcotics conspiracy, money laundering, and conspiracy to sell adulterated and misbranded medication. The US Attorney General, Merrick B. Garland, has criticized drug traffickers who believe they can operate outside the law on the dark web.

 

I'm Chester Li, a cybersecurity and cryptography specialist based in Beijing, China with over a decade of experience. I focus on securing digital infrastructures and protecting sensitive information worldwide.
