Page 58 - Cyber Defense eMagazine July 2024
The expanding threat landscape on the dark web
The dark web is a part of the internet that is not indexed by traditional search engines and can only be
accessed through special software like the Tor browser, which anonymizes user activity. It is part of the
larger deep web, which includes all parts of the internet that are not indexed by search engines. However,
unlike the rest of the deep web, which can consist of anything from academic databases to confidential
corporate web pages, the dark web is known for its anonymity and is often associated with illegal
activities.
The anonymity provided by the dark web supports a variety of illicit activities, including the sale of illegal
drugs, weapons, and stolen data. Transactions on the dark web often use cryptocurrencies, which further
anonymize the buyer and seller, making it difficult for authorities to trace the parties involved. This has
led to the dark web becoming a favored venue for cybercriminals looking to buy, sell, or trade illegal
goods and services.
Recent data from Nuspire's Q1 2024 Cyber Threat Report reveals a substantial 58.16% increase in dark
web marketplace listings, with a total of 3,938,507 listings identified in the first quarter of 2024 alone.
Among these, there are 437,657 listings for credit cards, 122,839 for email account access and 92,718
for social security numbers. Additionally, listings for shell and Remote Desktop Protocol (RDP) access
are notably high, with 40,144 and 37,169 listings, respectively. This significant uptick in dark web listings
highlights not only the vast amount of stolen data available, but also the ease with which cybercriminals
can access and exploit personal and corporate information.
The rise of infostealer malware
Infostealers, as the name suggests, are a type of malware specifically designed to steal sensitive
information from an infected computer. This category of malware is particularly insidious because it
targets personal and financial information that can be used for identity theft, financial fraud and other
cybercrimes. The information targeted by infostealers can include, but is not limited to, credentials used
in online banking services, social media sites, emails or FTP accounts.
A key player in the realm of infostealers is the Lumma Stealer malware, whose activity has more than
doubled since Q4 2023, according to Nuspire’s data. Lumma Stealer first emerged in 2023
and has quickly become a leading tool for cybercriminals, thanks to its developers' aggressive marketing
on dark web forums and private access chats. This malware is typically spread through phishing emails,
cracked software and social engineering tactics on platforms like Discord and Telegram. Once installed,
Lumma Stealer employs anti-sandbox techniques to evade detection and begins exfiltrating sensitive
data, including cryptocurrency wallet information, browser profiles and persistent cookies.
The imperative for dark web monitoring
The escalating activities on the dark web and the proliferation of infostealers underscore the critical need
for robust dark web monitoring. Dark web monitoring employs specialized tools and techniques to