
‘DarkMarket’ Dark Web Marketplace Taken Down in International Operation

11 February 2021 at 10:00

A globe-spanning group of law enforcement agencies took down DarkMarket, an underground dark web marketplace. The European Union Agency for Law Enforcement Cooperation (Europol) announced the successful operation on Jan. 12. DarkMarket was a hub for threat actors to buy and sell counterfeit products. Stolen credit card details and malware were up for grabs, as well as other illicit goods and services.

At the time of the takedown, DarkMarket was the world’s largest illegal dark web marketplace with about 500,000 users and 2,400 sellers. Its more than 320,000 sales involved over 4,650 bitcoin (worth about $157 million) and 12,800 Monero (about $1.8 million).

Dark Market Operator Arrested

The takedown became possible after an arrest by the Central Criminal Investigation Department in Oldenburg, Germany. They seized an Australian citizen who was the alleged operator of DarkMarket near the German-Danish border, Europol says.

The cyber crime unit of the Koblenz Public Prosecutor’s Office then launched an investigation into this person and their dark web marketplace. This effort enabled officers to shut down the marketplace. They seized over 20 of its servers located in Moldova and Ukraine.

Europol organized information exchange and provided specialist support. The agency says the international partners planned on using the data stored on those servers to go after the site’s moderators, sellers and buyers.

Other Dark Web Marketplace Stings

Law enforcement agencies across the world seized several dark web markets over the past few years.

For instance, the FBI worked with digital crime investigators, as well as European law enforcement to obtain a warrant for the seizure of dark web index Deep Dot Web in May 2019. Law enforcement agencies based in Israel, France, Germany, the Netherlands and Brazil made arrests as part of the takedown.

A few months later, the U.S. Justice Department announced the indictment of a South Korean national for running Welcome to Video, then the largest dark web child abuse website. IRS Criminal Investigation first seized Welcome to Video’s servers in 2018. Following this, law enforcement in the U.S. and 11 other countries arrested and filed charges against 337 of the site’s users.

In addition, law enforcement arrested 179 people, seized 500 kilograms of illegal drugs and confiscated $6.5 million in funds in September 2020 in a dark web marketplace takedown.

How to Prevent Your Data from Ending up on the Dark Web

Law enforcement agencies across the world continue to prosecute criminals who hide in the dark web. These threat actors also continue to use the dark web to prey upon everyday users.

Keeping this in mind, it’s important that businesses and other online entities work to keep their sensitive data off a dark web marketplace. The first thing they should consider doing is applying encryption to their data. Doing so will not only help them comply with a number of data protection rules. It will also help them render their data useless if it ends up on a dark web marketplace like DarkMarket.

From there, undo the silo in which data security resides. Data defense needs to function as part of a broader landscape. This itself will help keep that data safe. With that in mind, organizations can work to automate and manage their data security workflows across all departments.

The post ‘DarkMarket’ Dark Web Marketplace Taken Down in International Operation appeared first on Security Intelligence.

Weekly Security News Roundup: Exposed Credit Card Details Abused Within 2 Hours

23 December 2019 at 09:00

Last week in security news, a researcher found that malicious actors had abused the details of a test credit card just two hours after he posted the information online. The security community also learned of a survey in which three-quarters of respondents said that they had required a password reset after forgetting one of their personal passwords in the previous three months. Finally, researchers tracked several new malware samples along with a now-fixed WhatsApp vulnerability.

Top Story of the Week: The Spread of Exposed Credit Card Data

David Greenwood, a security researcher on the ThreatPipes team, wanted to find out how information posted online spreads throughout the internet and dark web. So he purchased an anonymous, prepaid Visa credit card and posted its full credentials on several paste sites. He then sat back and waited.

It took all of two hours until digital attackers sprang into action. They did so by using bots and scripts to make small purchases using the credit card information from a well-known retailer located in the U.K.

Also in Security News

  • Poison Frog Backdoor Samples Discovered in Aftermath of OilRig Dump: After a group of actors dumped OilRig’s attack tools online, Kaspersky Labs decided to scan its archives for new and old malware samples. In the process, it discovered Poison Frog, a sloppily designed backdoor that masqueraded as the legitimate Cisco AnyConnect application at the time of discovery.
  • Most Users Required a Personal Password Reset in the Last Three Months: In a recent study, HYPR found that 78 percent of full-time workers in the U.S. required a password reset sometime in the last three months after forgetting a personal password. The rate was slightly lower for work-related reset requests at just over half (57 percent) of respondents.
  • Lazarus-Linked Dacls RAT Makes Waves by Targeting Linux Machines: Back in October, Netlab 360 came across a suspicious ELF file that shared certain characters employed by the Lazarus group. This discovery of the file, nicknamed Dacls, marked the first time that researchers have detected a Lazarus-created threat that’s capable of targeting Linux machines.
  • U.S., EU Users Caught in the Crosshairs of Zeppelin Ransomware: Blackberry Cylance spotted threat actors using the newly discovered Zeppelin ransomware to selectively target technology and healthcare organizations in the U.S. and the European Union. Further analysis helped determine Zeppelin to be a member of the VegaLocker ransomware family.
  • Dudell Malware Leveraged by Rancor Digital Espionage Group: Palo Alto Networks’ Unit 42 threat research team analyzed the recent attacks of Rancor, a digital espionage group that targeted at least one Cambodian government organization between December 2018 and January 2019. In the process, it discovered a new custom malware family it dubbed Dudell.
  • Vulnerability Allowed Threat Actor to Crash WhatsApp on Phones in Shared Group: In August 2019, Check Point Software discovered a bug that enabled a malicious actor to implement a WhatsApp crash-loop on the devices of users in a shared group. The security firm subsequently disclosed this vulnerability to WhatsApp, whose developers issued a fix in update 2.19.246.
  • Lateral Movement Used by BuleHero Botnet to Spread Malware Payloads: Researchers at Zscaler observed in their analysis of BuleHero that the botnet used port scanning, Mimikatz, PsExec and WMIC to spread laterally on an affected network. These techniques enabled the threat to distribute both the XMRig miner and Gh0st RAT to a larger number of machines.
  • Various Attack Techniques Used by MyKings Botnet to Deliver Forshare: SophosLabs took a deep dive into the workings of the MyKings botnet and found that the threat used various attack techniques against vulnerable Windows servers to deliver Forshare malware. Those tactics included using steganography to conceal a malware payload within an image.

Security Tip of the Week: Focus on Data Protection

Security professionals can help organizations protect their valuable data by using artificial intelligence (AI)-driven tools and automated monitoring solutions to gain intelligent visibility into the network. They can then use that visibility to monitor for suspicious activity that could be indicative of a threat moving laterally across the network.

In support of this monitoring activity, security teams should also consider embracing a zero-trust model for the purpose of setting up micro-perimeters on the cloud and elsewhere.

The post Weekly Security News Roundup: Exposed Credit Card Details Abused Within 2 Hours appeared first on Security Intelligence.
