The Week in Dark Web – 14 November 2022 – Access Sales and Data Leaks
Powered by DarkMirror™
November is the time of year when shopping sites are most targeted by threat actors. Only two weeks of the month have passed, but many shopping-site databases and access sales have already appeared on the dark web. Meanwhile, there is one week left until the start of the FIFA World Cup 2022, which may also become a focus for attackers.
Here are the highlights of the past week.
Unauthorized Access Sale for Qatari Facilities Related to the 2022 FIFA World Cup
On 9 November, the SOCRadar Dark Web Team found a new unauthorized access sale on a Telegram channel. In the post, the threat actors stated that they are selling access related to the facilities and venues, and that 60,000 users' data is accessible. Moreover, the vendor says the venue accesses are viable for ransomware operations. The cost of single access for 6-9 different organizations is 4 BTC (~$67,500).
Judging by the last couple of FIFA World Cups, these events are hotspots for many threat actors with different backgrounds and motivations. More cyberattacks focusing on the upcoming FIFA event are therefore highly expected.
Unauthorized Access Sale for a Swiss IT Company
On 9 November, threat actors posted an unauthorized access sale on a hacker forum that SOCRadar regularly monitors. The sale offers unauthorized access to a Swiss IT company that allegedly has a total revenue of $6 billion. The vendor goes on to list auction values and names a specific user as escrow for the sale.
Database of an Indonesian Shopping Forum is Leaked
On 8 November, SOCRadar Dark Web Analysts detected a new post about a database leak. In the post, the vendor claims they are motivated to share this leak because one of their friends had a negative experience with the forum's service. Interestingly, the vendor also states they can share samples of the leak for free, but not all the data, and does not mention any sales price or contact method.
Unauthorized Access Sale for a British Shop
The SOCRadar Dark Web Team has found a forum post that auctions unauthorized admin-level access. The vendor cites the website's recent daily usage to show that the site is active. The vendor then shares the auction terms and highlights the escrow requirement.
Unauthorized Access Sale for a European Shop
SOCRadar detected an unauthorized admin access sale for an e-shopping website in Europe. According to the vendor, the shop has heavy traffic of 70,000 people daily from seven countries across Europe. The vendor also mentions the admin privileges on the site and states the auction values for the access: a $5,000 start value, a $1,000 step, and a $30,000 blitz value.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar's DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.