The Week in Dark Web – 20 September 2021 – Cybercrime Business Evolves

September 20, 2021
Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Admin access sales, company database theft, and personal data theft are on the rise and made the headlines this week. Here are the details of the major events that took place on the deep web this week:

Unauthorized Access Sale Detected For a Brazilian Company On The Dark Web

On September 14, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell unauthorized access allegedly to a Brazilian manufacturing firm. The vendor claimed that the victim firm manufactures plastic products and has about $1 million. The vendor also stated that the buyer would get RDP access to over 30 computers on the victim platform.

SQL Injection Caused a Database Dump

On September 14, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell databases belonging to a handyman services website from Belgium. The victim company helps customers find handyman services for their homes and has over 3,000 registered professionals. According to the dark web post, the platform's administrators had very weak passwords and outdated software, so the vendor could use SQL injection to take control of the platform and access tokens of mailboxes and databases. The vendor also claimed to have tried to contact the website administrators several times, starting in March, without ever receiving a response.

Lebanese Government Documents On Sale On The Dark Web

On September 14, 2021, a vendor offered to sell a document database allegedly belonging to the Lebanese government on a dark web forum monitored by SOCRadar. The dark web post stated that the vendor had accessed one of the specific platforms belonging to the government. Allegedly, the database contained 1.4 GB of ID cards, personal documents and passports. The vendor put the database up for sale for $500.

The New Ransomware Victim of LockBit 2.0

On September 18, 2021, SOCRadar detected a post on the LockBit 2.0 ransomware group website allegedly announcing a ransomware attack that targeted a hardware service organization from the USA. Established in 2011, the victim corporation controls the distribution of IoT hardware and services, with revenue of over $145 million. The group behind the attack, known as LockBit 2.0, is also responsible for last month’s ransomware attack on Accenture, and the victim firm was tied up in $50 million. The ransomware gang threatened to leak banking data, licenses, certificates, agreements, contracts and similar sensitive information belonging to the victim organization if it did not cooperate.


Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which can be time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.