SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 22 November 2021 – Access Sales and Data Leaks


Nov 22, 2021

Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Ransomware attacks, database thefts, and stolen customer data once again made the headlines.


The New Ransomware Victim of Avos Locker

On November 20, SOCRadar detected a post on the Avos Locker ransomware group's website allegedly announcing a ransomware attack against a school in the US. Established in Montana, the victim high school has more than 300 students. According to the ransom post, the group will leak all the data it has obtained if the high school's officials refuse to negotiate.

Unauthorized Network Access Sale Detected For A Mobile Services Firm from Mexico On The Dark Web

On November 15, a dark web vendor attempted to sell unauthorized network access to a Mexican mobile services firm on a dark web forum monitored by SOCRadar. According to the dark web post, the buyer would have VPN and Cisco access to the firm’s corporate web systems and servers. The vendor also stated that the victim firm has a revenue of $6 billion and put the network access on sale for $1,000.

Stolen Credit Cards and E-passports Are Being Traded On The Dark Web

On November 18, SOCRadar detected a post allegedly trading stolen credit cards and e-passports. The vendor claimed to have various cloned cards with different validity periods and assured buyers that the cards are highly untraceable. According to the underground market post, Spain and Germany are the most common sources of the stolen credit card data. The vendor also stated that buyers would receive an answer with the details of the card: first and last name, country, and address.

Customer Database of An E-commerce Firm From China Leaked On The Dark Web

On November 19, on a dark web forum monitored by SOCRadar, a vendor claimed to have databases allegedly belonging to an e-commerce company from China. The Beijing-based victim organization is engaged in online shopping. According to the dark web post, the breached database contains phone numbers, full names, and various other personally identifiable information (PII) of thousands of customers.

Unauthorized Network Access For Companies from The UK and Jordan Put On Sale

On November 16, on a dark web forum tracked by SOCRadar, a vendor offered to sell unauthorized access allegedly to Jordanian and British companies. While the dark web vendor did not name the victim firms, the post claimed that one of the victims is an agriculture firm with a revenue of $35 million and the other is a veterinary company with a revenue of $23 million. The buyer would have the ability to manage remote desktop connections on systems belonging to the victim firms.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, a task that is time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to keep up with the latest posts of threat actors and groups, filtered by targeted country or industry.