ThreatBites 08: Dark Web Stories & Forums

Today we have our two DarkInvader team members, 4NG3L & E4GLE, talking about dark web stories and forums currently popular on the Dark Web and how you can report this if you are impacted.


What Are The Forums on The Dark Web?

The dark web hosts a wide variety of forums, websites and online marketplaces where users can buy and sell goods. There are forums dedicated to illegal activities such as drug selling, hacking services, counterfeit currency and stolen credit card numbers. Some forums also host leaked data belonging to companies or their employees, which can be detrimental to a business's security.

What Are Some Examples of Data Leaks on The Dark Web?

Data leaks on the dark web can be devastating to any company. For example, huge companies such as LinkedIn, Adobe and Dropbox have all had their user data leaked on the dark web. This means that any personal information stored regarding employees and customers was accessible to those with knowledge of how to navigate the dark web. Other examples include leaked financial data from banks, political emails, and personal records.

What Should You do if Your Data has Been Leaked?

If you find out that your data has been leaked on the dark web, it is important to take steps to protect yourself. First, change all of your online passwords and make sure they are secure. Second, be aware of any suspicious activity or emails from unknown sources. Finally, contact your financial institution and any other companies that may have been affected by the data leak and ask what measures they are taking to protect you.


Our DarkInvader team discuss popular forums and talk through the workings of the dark web and how you as a business can identify early warnings of cyber risks and threats. Have a listen.


Transcript

Welcome to another DarkInvader ThreatBites. On these ThreatBites we discuss the latest dark web stories.

A report has detailed how the majority of the world's top cybersecurity companies have had their data exposed on the dark web. The survey from the application security firm ImmuniWeb took a sample of nearly 400 of the largest cybersecurity companies from 26 countries across the globe, with the majority based in Europe and the US. Further data identified that 29% of leaked passwords belonging to the security companies were weak and that employees from 40% of the organisations had reused credentials across different online services.


On today's threat bite we welcome Angel for our news and Eagle. It's good to be here. Both of the identities have been hidden for privacy. Thanks for joining me guys on today's threat bite. So let's get this started. So how can we know if our emails and personal details are on the dark web? Angel, do you have anything to say about that?


Well, yeah, lots of them, obviously notorious for being on the dark web and things, but as he said, the clearnet also has a large variety of leaks and information and credentials and things. And one of the main ones would be a website called the house, if you can go on there and things you can search up companies and see if yours are leaking things and credentials are on the internet. And then you can remove them and you can like remove them from the website, which is a great feature if you are a company owner or are part of an organisation. But your placements are a great one as well.


They can be found through lots of things. I mean, the dark web is definitely the best one, or like with all of the websites and things such aren't allowed and things on the clearnet. That's the best way for a threat actor to access lists and game gains by obtaining these credentials.


A lot of these threat actors will download these credentials off the data points and make their own password lists or own financial lists. So it's important to note that, you know, all the notorious ransomware gangs will most likely have their own sort of database of ugly credentials that they're capable today, when, when and where the breaches happen.


Yeah, I think that was a great mention by Eagle about the ransomware gangs taking in their own databases and things of these credentials. And that's something we adopted here at DarkInvader, bringing into having a look at databases and credentials and bringing our own credentials and who they are based on things.

Can you give our listeners some examples of data leaks on the dark web?


I'd say that the three main breaches that we find a lot of employee emails are in is Adobe, LinkedIn, and Dropbox. Purely because these are just the types of services that people sign up for work. I mean, a lot, a lot of organisations use Dropbox, a lot of times they use LinkedIn, and Adobe etc. So it just introduces a big single point of failure for these organisations because they're signing up with their, their emails, and if they ever did get hacked, and you know, it was in 2013, you don't really happen. And it's still a prevalent list on the dark web that people download. And it makes up, it makes up a decent amount of the leaked credentials out there. So there's just an important note that you put a lot of trust in these companies.

And if they do ever get breached, that's where it becomes important not to reuse the same passwords and to make sure you have two-factor authentication enabled to try and minimise the risks that you can.

These are some great points you've mentioned, Eagle. Angel, are there any comments you would like to add?


Yeah, so I mean, Eagle touched on some really good points. And you only mentioned three of the data breaches. But I mean, that doesn't even scratch the surface in terms of how many are actually out there, and to public knowledge as well. I mean, there's many databases out there that most guys don't even know where they're coming from, and where they've been leaked from and things. So, I mean, it can be a scary thing for companies and people in general.


So what should you do if your data has been leaked?


I mean, there's lots of incident response companies and teams that can really help you bring together a good plan of action and how to mitigate the damage to the best of your ability. But if this data is really sensitive, and it means a lot to you and your organisation, and it's illegal in the first place, I mean, I feel like the police should definitely get involved. And that should be one of the first calls being made.


Another important step in preventing the damage that you can know is not necessarily how they get leaked, because there's, as just the company's not a lot you can do but in preventing sort of mitigating the risks that can happen, it's definitely important to just never reuse these passwords. Because the reason criminals want these data lists is so they can try and log into our servers with them because they know how many people reuse a password. So just ensuring that your password policy shows that employees aren't allowed to reuse passwords of their strong passwords. And additionally, that any two factor authentication is a really powerful tool nowadays that most services will employ whether it be an authenticator app or a text to your to your phone or something like that. These are important so you know, shall these credentials ever get leaked, they'll never be able to do the one time password.


So these controls can help mitigate what damage these leaks can do.


Dark web and deep web are sometimes confused by people thinking they are the same. What is the difference between the two?

I think it's best if you take into account a normal browser, for example, Google. Google limit what gets shown on their browsers a lot. In terms of the clear slash deep web, that's more of a all URLs in all websites and things get uploaded onto that. And then in terms of the dark web, that's things like onion links, and illegal things that shouldn't be up and you can really, in terms of the dark web, it's hard to really, the, the idea of what's been given from it in the past, and the present still, is, is really not what it's like. And you don't just go on the dark web and see all the things you hear and things. And even to get down that rabbit hole in a sense, you need to really know what you're looking for. And if you don't know exactly what you're looking for, you're really going to struggle to stumble across this.

Angel mentioned onion routing. Eagle, can you explain to our listeners what onion routing is?


So this is generally what we mean by the dark web: what's called Tor Hidden Services. Tor being that it's actually a nonprofit charity, technically, they work off donations. And it's an implementation. Tor literally stands for the onion router, and the onion routing, basically, it takes all your traffic and encrypts it with layers of encryption, hence the name of onion routing, and then bounces your connection across the world before it gets to the server. And this just ensures that if anyone was intercepting these messages, at any point, they have no idea what it is you're doing and know who you are, which is the main point of time. And this is why it's called the dark web. Because this anonymization means that law enforcement agencies have a very hard time finding out who you are and what you're doing. Because there's no distinction between, there's plenty of perfectly legal sites on the dark web, and then equally, plenty of very legal stuff, there is no distinction, all you can see is just that this user is using Tor. And that's it, you don't know who they are, you don't know where they are. And that's, that's the aim of onion routing. And that's what Tor is, and that's how Tor implemented it.


I think that's great, Eagle. I think you should mention about how it was founded and how it, how it came to fruition, because I feel like that's a great little backstory of how Tor and the dark web even occurred.

Yeah, so the protocol that was onion routing was defined by US Navy research, it was to protect the identities of spies working abroad, essentially. And it was just the onion routing protocol. It's, you know, at its core, it's just a lot of maths and a protocol like any other in computing.


And now it's, it's evolved into what is Tor and you can, they rely on donations, they are literally a nonprofit organisation. So they've taken what US intelligence made, and they've evolved into a nonprofit organisation, they work off donations, and they work on their own users having to host the network. So you can volunteer if you've got enough bandwidth to host a Tor network. So it's interesting how it was developed by the US military research for them. And it's evolved now into what we'd refer to as the dark web.

Yeah, I think it's worth mentioning as well, even though the dark web comes across as a bad and scary place and things, which, which it can be, there's also a lot of good in it with journalists and people, people in dangerous situations, situations, being able to be able to anonymously report and help, help the good of the world at the same time. So I think that's also a great thing. It's not the analytical, the dark web and things like that. But I feel there's definitely two sides to what Tor is.


Yeah, exactly. And something that often surprises people is that the BBC and the Guardian both have that website. And this is so people in countries where internet access is either restricted or blocked or censored by the government. Tor completely bypasses this and lets them view uncensored news. And also, the Guardian has a portal where you can upload new stories for dissidents in other countries, whether it be for war crimes, or anything that they've witnessed. They're gonna upload this completely anonymously without the threat of being arrested. And there's also sites that host the Bible and the Koran and other texts for, again, in countries where this information isn't even available on the clear web.


So yeah, it's like Angel said, there's a lot of good uses for the dark web. But obviously, what comes to a lot of people's minds, especially having a name like the dark web, is all the illegal activity that takes place on it. But there is plenty of good stuff. And there is plenty of good stuff that goes on on the dark web, which is definitely worth noting.

With the stolen credentials, what do cybercriminals do with them? Do they just put them on the dark web or is there a lot more to it?

There tends to be two camps with the cyber criminals.


There are cyber criminals who get these data and then they'll sell them on forums and that's, they make money that way. They'll last for so much Bitcoin theory and whatever cryptocurrency they accept, and they'll just make money that way. And they can make an extensive amount of money because these credentials are in, in supply by the second group, they want to use them to do credential stuffing attacks, maybe make a phishing email, you can imagine if someone was to email you, and it had your password in it, you'd be, you'd be that much more likely to believe them. So, you know, there's two sort of camps of people who want to sell them on the dark web and make money that way. And the criminals who want to use it for malicious intent against the company itself.


Yeah, I think that's a great mention, in terms of the leaks and things that often come with companies and organisations and things. And if a threat actor wants to get their hands on this, there's a lot more money in businesses and organisations, if they were to send phishing emails, and go about it in that sense. So it would prove to the threat actor to be much more profitable for them to go about getting their hands on a database, especially a fresh one. And then going out that way, instead of just doing random people, which you don't know what the, what the turnover rate on them emails would be two or three doctor. So I feel that you can get a lot more, a lot more peace of mind if they were to go about it in that manner.


Eagle, I noticed you mentioned credential stuffing. If you are listening to this podcast and want to know more about credential stuffing, we actually do have a whole podcast on credential stuffing, be sure to check it out. So how can people prevent that whereby even that web data exposures?

As we've mentioned throughout the podcast, there's not a lot you can do to prevent these initially being breached, because these happen when third party services that your company is using get breached. So in terms of that, there's not a lot you can do. But I think Angel could talk a lot about the controls that you can implement to prevent the risk of this.


Yeah, well, I mean, in terms of organisations and companies that are especially security based, they need to be getting run through security protocols and security training and what to do in certain situations, as just the likes of one email could destroy your company. And they could lose profits, like quicker than they could blink. So I mean, long passwords to just understanding that these things can occur and occur more than some people would think. So that's definitely a great way to go about things.


Yeah, it's a great point, I'd imagine. I'd imagine most companies have leaked credentials or somewhere it's not. It's not, it's pretty much unavoidable. So I imagine if your companies are being a bit too naive about this, it's definitely worth checking. Because there are probably credentials out there. So don't think you're immune, because there are probably definitely your passwords on someone's dark website. So it's definitely worth checking in. And that's something that DarkInvader offers.


Yeah, I also think it's worth mentioning as well are companies and organisations that do have weak, weak security and things if you do manage to get breached, or your security slips up somewhere, then the government can hand out pretty big fines. And that is, the fines that can occur and things it would be a lot more, you'd save a lot more money just by going through the training and the reputation alongside that as well as if you own a company or business. You know, that means a lot to customers and to other companies in terms of partnerships, and etc.

Have you both got any closing comments before we wrap up this podcast?


Yeah, so I'd like to say thank you for having me on the podcast, of course. But in terms of what we've talked about in everything that goes on, I mean, he are riddled with it. We call out a majority of this, and we do it in a very professional and to a high standard at the same time. So yeah, I feel like you should definitely browse over to the DarkInvader website, DarkInvader.io, and just book a demo. So how we'll go about things, see if it's to your standards, because most companies could definitely benefit off their cybersecurity, especially going into the future of what we're going into IT admin very technological and advanced. I mean, a lot of people are ahead of the curve already and if your company is needing this, and you can also be ahead of the curve as well.


It's been great having you both on today's threat bite.

Thank you for having us.

Thank you very much.


Both Angel and Eagle have discussed crucial information today on data breaches and the best practices to stay safe from the dark web. If you are listening to this podcast, avoid browsing on the dark web, as even if you have good intentions, it's easy to stray off the beaten path and encounter illegal material, sites or malware.


Follow our Dark Invader Spotify page for more.


ThreatBites 08: Dark Web Stories & Forums

January 31, 2023
