Home Blog The Dark Web and Underground Markets - July 2020 Update The Dark Web and Underground Markets – July 2020 Update BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. The graph above represents financially related topics. It is from a sample of 10,000 records from various forums and dark web markets throughout the month of June. It highlights the portion of those conversations that are related to a specific product or entity. BlueVoyant’s research of the dark web and underground markets for the month of June shows PayPal is growing as the top topic of discussion. More than half of the postings relate to PayPal in some way. PayPal has also been added to popular tools and phishing kits. Reasons are many, including the amount of money transferred via PayPal, and the fact that PayPal accounts are almost always linked directly to financial organizations. In the month of June, the bulk of collaboration and illegal sale and trade of stolen financial-related data once again took place on dark web markets. It expanded its popularity slightly over May. This trend started in February 2020, expanding by 15% in March and yet another 11% in April. This trend is likely due to large quantities of breached data available on dark web markets, and threat actors taking advantage of this data in an effort to extend their campaigns during the COVID-19 pandemic. Although June data shows only a slight increase for dark web markets and special access forums, overall, the trend is mostly unchanged from April. Below are the top sites in the categories from the graph above. Dark web special access forums typically require some sort of clout in the criminal sector, or a sponsor to access. These forums typically require special permissions to interact. Continuing it’s reign, the Carding Mafia Forum is the top special access forum for financially related discussions for the month of June. The Carding Mafia forum currently boasts over half a million members and has over 300K posts. The site includes card dumps, proxy servers, bank account dumps, PayPal accounts, tutorials, and more. Underground forums do not necessarily require special permission and can typically be accessed by anyone. Some forum sections may be unavailable to general users; however, in general, anyone can post, reply, purchase, and sell on these forums. The top underground forum for the month of June was BlackHatWorld. The forum currently has over a million members with over 11M messages. The site offers a variety of services, tutorials, and other tools. Dark web marketplaces exist for cyber criminals to sell compromised credentials and access. These sites often sell various payment account details and credit card information along with any other data deemed valuable. Some are automated while others are heavily moderated. The top spot for June was once again Slilpp Market. Slilpp has always been a popular forum and has shared the top spot with Joker’s Stash as recently as November 2019; however, since March, the two sites have almost completely flip-flopped from previous months with Slilpp taking the lion’s share. Slilpp Market is a Russian- and English-speaking forum. The market is full of compromised credentials for various financial organizations and credit cards from a multitude of vendors. The market operates two sites, one on the surface web and one on the dark web. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. The graph above represents financially related topics. It is from a sample of 10,000 records from various forums and dark web markets throughout the month of June. It highlights the portion of those conversations that are related to a specific product or entity. BlueVoyant’s research of the dark web and underground markets for the month of June shows PayPal is growing as the top topic of discussion. More than half of the postings relate to PayPal in some way. PayPal has also been added to popular tools and phishing kits. Reasons are many, including the amount of money transferred via PayPal, and the fact that PayPal accounts are almost always linked directly to financial organizations. In the month of June, the bulk of collaboration and illegal sale and trade of stolen financial-related data once again took place on dark web markets. It expanded its popularity slightly over May. This trend started in February 2020, expanding by 15% in March and yet another 11% in April. This trend is likely due to large quantities of breached data available on dark web markets, and threat actors taking advantage of this data in an effort to extend their campaigns during the COVID-19 pandemic. Although June data shows only a slight increase for dark web markets and special access forums, overall, the trend is mostly unchanged from April. Below are the top sites in the categories from the graph above. Dark web special access forums typically require some sort of clout in the criminal sector, or a sponsor to access. These forums typically require special permissions to interact. Continuing it’s reign, the Carding Mafia Forum is the top special access forum for financially related discussions for the month of June. The Carding Mafia forum currently boasts over half a million members and has over 300K posts. The site includes card dumps, proxy servers, bank account dumps, PayPal accounts, tutorials, and more. Underground forums do not necessarily require special permission and can typically be accessed by anyone. Some forum sections may be unavailable to general users; however, in general, anyone can post, reply, purchase, and sell on these forums. The top underground forum for the month of June was BlackHatWorld. The forum currently has over a million members with over 11M messages. The site offers a variety of services, tutorials, and other tools. Dark web marketplaces exist for cyber criminals to sell compromised credentials and access. These sites often sell various payment account details and credit card information along with any other data deemed valuable. Some are automated while others are heavily moderated. The top spot for June was once again Slilpp Market. Slilpp has always been a popular forum and has shared the top spot with Joker’s Stash as recently as November 2019; however, since March, the two sites have almost completely flip-flopped from previous months with Slilpp taking the lion’s share. Slilpp Market is a Russian- and English-speaking forum. The market is full of compromised credentials for various financial organizations and credit cards from a multitude of vendors. The market operates two sites, one on the surface web and one on the dark web. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
