As November 2024 begins, activity on the dark web continues, full of dangerous activities and unknown threats. This month we see a rise in some cybercriminal activities, which now rely on technical strategies and the distribution of dark web marketplaces. With an estimated 2.7 million users, the dark web continues to be the place for illegal goods and services, ranging from drugs to stolen-data forums, despite both being prosecuted. Recent reports show that Germany has overtaken the United States in the number of Tor users, clearly indicating a shift in users’ characteristics and behaviors on the dark web.
In this article, we take a deeper look at the dark web by exploring the latest statistics, trends, and notable events at both the national and international levels in November 2024. We’ll consider the most renowned marketplaces, analyze recent cyber incidents, and discuss how these developments affect cybersecurity worldwide. Come along with us as we explore this shadowy world where anonymity dominates and illegal transactions are growing rapidly.
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
The Dutch police have announced the takedown of Bohemia and Cannabia, the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The move is part of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022. Bohemia served 82,000 ads worldwide daily, with about 67,000 transactions taking place each month. In September 2023, the estimated turnover was €12 million.
The Politie reported that at least 14,000 transactions took place from the Netherlands with a value of at least 1.7 million euros. The police were able to identify several administrators and arrest two suspects, one in the Netherlands and the other in Ireland. Additionally, two vehicles and cryptocurrency worth €8 million were seized.
The dark web is not as anonymous as users may think, and due to international cooperation, the credibility and reliability of these markets have been severely damaged.
Ukrainian authorities have arrested a 28-year-old man for allegedly operating a virtual private network (VPN) that allowed people within the country to access the Russian internet (Runet) in violation of sanctions. The service had more than 48 million IP addresses and was launched by an unnamed self-taught hacker from Khmelnytskyi in the aftermath of the Russo-Ukrainian war.
The recent developments follow the sentencing of two individuals affiliated with a Russian threat group called Armageddon to 15 years in prison in absentia for carrying out cyber attacks against government entities in the country.
Some 10 Million stolen user accounts from Mideast on the dark web
Kaspersky’s Digital Footprint Intelligence (DFI) team discovered and analyzed almost 10 million records of stolen user accounts in the first half of 2024, most prevalent in Egypt, Saudi Arabia, and the UAE. The report revealed a complex web of cyber threats targeting organizations in the Middle East, with the main dangers being organized ransomware groups, ideologically motivated hacktivist activities, entry points into corporate networks, and info stealers.
Ransomware groups have become more structured, targeting the UAE and Saudi Arabia. The public sector, construction, and business services industries were among the top targeted industries. Hacktivists are becoming more destructive, shifting attacks to more critical outcomes such as data leaks and organizational compromise. Kaspersky DFI researchers observed over 11 hacktivist movements and various regional actors.
A key target for cybercriminals is entry points into corporate networks, with initial access passed on to more significant criminals who can further develop the attack. The researchers discovered over 40 dark web adverts offering corporate access to government, education, manufacturing, transportation, financial, healthcare, IT, and other regional corporate organizations.
Stolen data and documents are being shared or traded across multiple publications and can be used to commit fraud, from spam to blackmail, and to mount targeted attacks using victim profiling. In H1 2024, cybercriminals leaked 125 corporate-related databases in different industries, with Saudi Arabia, Iraq, and Egypt experiencing the highest number of data breaches.
Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence, stated that cybercriminals are perfecting existing methods and developing innovative tactics and tools to infiltrate their victims. Vigilance is essential to safeguarding organizations’ network infrastructures from various threats lurking in the dark web.
Hoax threats to airlines: Police suspect use of VPN or dark web
Investigators are probing bomb threats made against various airlines and suspect that a VPN or dark web browser was used to set up the accounts on X. Police are trying to retrieve the IP addresses behind the accounts by contacting social media platforms. The initial probe points to the role of a teenager in creating one of the accounts that posted the threats. Police have also approached social media platforms to suspend the handles that posted threatening messages and asked them to remove the posts. FIRs have been registered regarding the bomb threats.
Airport police have addressed eight bomb threat incidents this month, confirming all as hoaxes after rigorous verification and inspection. On Wednesday alone, three Delhi-based flights received bomb threats, causing panic among authorities and passengers. A bomb threat was received concerning a Bengaluru-bound Akasa Air flight carrying 184 passengers, which forced it to return to Delhi. A bomb threat assessment committee was convened. Police are holding perpetrators accountable, safeguarding passenger well-being, and maintaining seamless airport operations.
Fortra Report Reveals Surge in Domain Impersonation, Social Media Attacks, and Dark Web Activity
Fortra’s Q2 2024 report reveals a rise in digital threats, including domain impersonation attacks, phishing sites hosted on Legacy Generic Top-Level Domains (gTLDs), and the rise of new gTLDs like .dev, .vip, and Russia’s .ru. The report also highlights a 60% increase in brand attacks per month, with an average of 138 attacks per month in Q2. The growing use of social media platforms, particularly among younger demographics, has amplified the threat surface, making detection and monitoring critical for organizations.
Counterfeit websites targeting enterprises surged by over 50% from the previous quarter, with brands experiencing an average of 11 attacks in May alone, an 18% increase compared to April. These counterfeit sites often mimic reputable brands to deceive customers and expose them to security risks like malware or phishing attempts.
On the dark web, 93.8% of threats revolved around credit card data and fraud tools, with fraud tools emerging as the fastest-growing dark web threat. Most stolen data is sold through carding marketplaces and chat-based services, making the dark web a critical avenue for threat actors looking to monetize stolen information.
In conclusion, the report highlights the growing threat landscape and the need for security leaders to implement proactive measures to mitigate risk.
A teacher lost life savings after a hacker bought his identity on the dark web for $10
A 27-year-old science teacher, Matthew Shaw, lost £3,500 in savings after his identity was sold on the dark web for $10. Shaw, who was on holiday with his wife Davina, received a notification stating he had just paid £3,500 for a hotel room. He immediately called First Direct, who informed him that someone from Romania had opened an account in his name with a digital financial services company called Monese. The scammer linked Matthew’s details to his First Direct account to pay for a hotel.
The £3,500 transaction left Matthew with only £20 in his bank account, and the couple had to end their holiday a week early. Matthew praised First Direct as “brilliant” and fortunately, the money was refunded a week later. Despite tightening his personal security details, Matthew still receives at least six or seven email notifications daily asking him to approve unauthorised sign-in attempts.
Matthew described himself as tech-savvy and had different passwords for all his accounts. He regularly changed his email address and did not think he was vulnerable to identity theft. After a week, the £3,500 payment was refunded to his First Direct account, and he was impressed with how the bank handled the case. He was placed on a 12-month fraud prevention program, which required him to go through rigorous processes when making large transactions, obtaining loans, or setting up new accounts or credit cards.
College student who took job on dark web arrested for attempted robbery
A 23-year-old college student, Masaki Saen, was arrested in Mitaka, western Tokyo, on suspicion of trespassing and attempted robbery. Saen admitted to the allegations, claiming financial difficulties led him to his situation.
He was instructed via encrypted messaging app Signal to travel to Tokyo and meet with other men, who were instructed to break into a home to steal valuables. Saen and several other men broke a window to enter a home in Mitaka, attempting to overpower a 70-year-old male resident. The resident, his wife, and their daughter escaped injuries.
The suspects escaped on foot in different directions. Saen turned himself in at a police box near the east exit of Tokyo’s Ikebukuro Station, and police are currently searching for the other suspects. Since the end of August, over 20 incidents of robbery and home invasion linked to dark part-time jobs have been reported in Tokyo and neighboring prefectures. A joint task force from Tokyo’s Metropolitan Police Department and prefectural police from Chiba, Kanagawa, and Saitama is investigating the involvement of anonymous and mobile crime groups known as tokuryu to determine their command structure.
Colorado patient, employee information posted on dark web in health systems hack
Axis Health System, a healthcare provider in Western and Southwestern Colorado, has reported that its patients’ sensitive information may have been compromised following a security system breach. The company says that a cybercriminal gained access to its systems, including files for patients and employees. The cybercriminal posted files from the network on the dark web, and the company is currently investigating the full nature and scope of the information posted. Axis Health System has 13 facilities in 11 Colorado towns. According to cybersecurity groups, the hacking group Rhysida breached Axis Health and demanded a ransom of 25 Bitcoin for the data, which amounts to about $1.7 million. The Cybersecurity and Infrastructure Security Agency (CISA) states that Rhysida typically targets education, health care, manufacturing, IT, and government sectors.
Kurtis Minder, a cybersecurity expert at GroupSense, said that advancements in artificial intelligence have made hacking easier, and many of the best defenses for companies being targeted are procedural. He suggested that concerned Coloradans should consider things like a credit freeze, as well as evaluating their own cyber hygiene by using a password manager, employing two-factor authentication wherever possible, and using identity protection services. The nonprofit health care provider said the “irregular” activity was first identified in August, and further investigation showed that the hackers gained access to the system between July 9 and September 4.
Constella Intelligence Launches Hunter™ Copilot AI Assistant for Dark Web Investigations
Constella Intelligence has launched Hunter Copilot, an AI assistant feature within its deep OSINT investigations platform, Hunter. This tool automates the discovery of link relationships through intuitive entity-relationship diagrams, enabling analysts and investigators to quickly visualize complex data and uncover critical insights up to 30x faster than traditional methods.
Hunter Copilot streamlines the investigation process, automatically analyzes thousands of relationships, and frees teams to reallocate resources to higher-priority tasks and enhance overall productivity. Its user-friendly interface and automated features make advanced investigations accessible even to smaller or less experienced teams, enabling users to harness powerful tools with just a few clicks.
Powered by Constella’s proprietary ID Fusion, Hunter Copilot connects different criminal personas of an investigated target to an actual public persona, simplifying the identification of relationships between data attributes.
It provides clear entity-relationship diagrams, fostering collaboration and understanding. Hunter Copilot supports a combination of attributes, generating ranked lists of related identity attributes and personal and professional relationships. It also allows easy exporting of findings in CSV, JSON, or graphical formats, streamlining reporting and sharing processes.
Constella Intelligence CEO Kevin Senator is excited to introduce Hunter Copilot, a tool that elevates the capabilities of investigative teams. It transforms lengthy investigations into quick, actionable insights. With its ease of use, even smaller or less experienced teams can conduct advanced investigations in minutes, enabling them to respond effectively to digital threats.
Canberra woman recruited hit man on dark web to kill parents due to child sexual abuse, court hears
A 30-year-old woman in Canberra, Australia, has been convicted of inciting another to murder, a crime the court heard stemmed from sexual abuse she suffered as a young child. The woman, who pleaded guilty to the crime earlier this year, had offered $20,000 for her parents’ murder and paid $6,000 towards it through a bitcoin account. However, when interviewed by police, the woman denied having anything to do with bitcoin and said she did not know about the dark web, despite clear proof that this was a lie.
Psychologist Tabatha Frew told the court that the woman was autistic and that the overlap of PTSD from the alleged sexual abuse and her autism likely drove the offending. Frew said she believed that if the woman had not been sexually abused by a family member, she would not have committed the offenses. The alleged abuse occurred around the age of eight, a critical time for a child’s understanding of good and bad in the world.
The court heard that the woman paid $6,000 towards recruiting the hit man through a bitcoin account. Prosecutor Marcus Dyason challenged Frew’s account, asking if her assessment would change if some of the things she had claimed were shown to be untrue. Ms Frew said she would still be of the same opinion.
When asked whether she had stopped with the plan because she lost interest or didn’t have the money, Ms Frew said it wasn’t simple. Dyason maintained that financial gain was a motive for the offense. The woman has already spent two years in jail waiting for her trial, although she eventually got bail. Her lawyer, Jon White, has urged the court not to impose more prison time given her strong efforts at rehabilitation.
The woman will be sentenced next month.