Cyber-demic’s Dark Side
Brian Stack
Vice President of Engineering & Dark Web Intelligence at Experian Consumer Services
May 2021
A monthly digest on dark web activity which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams, major data breaches, as well as general ID theft protection, data trends, tips and recommendations.
---------------------------------------------------------------------------------------------------------------
Get Your Vaccine Cards Here!
No surprise that security researchers have seen a spike in listings on surface and dark web marketplaces for vaccine cards...One account on eBay, with user id “asianjackson,” sold more than 100 blank vaccination cards in the past two weeks, according to The Washington Post’s review of purchases linked to it... Make sure to “shop” around, another listing claimed to have “Authentic CDC Vaccination Record Card” for $10.99 while a Chinese dark web site claimed to have stamped vaccine cards for $150…Please stop the selfies…People are posting pictures of their vaccination cards online, which shares information such as day of the shot, birthdays and other identifying details... Scammers can use this information to steal your identity…So if you’re vaxxed and proud - just smile next to your arm for your pic.
Dark Web Job Alert
This may not be your kind of job though…There are threat actors seeking help for a range of activities, from malware attacks to identity fraud...When they need a new hire, they post ads like any other business...Those with a range of skills will also post their credentials online in hopes of scoring the dark web dream job!...Here are some things you should know if this may interest you (insert sarcasm)…The salary is directly correlated to the jobs risk, more risk = more money, job descriptions are often vague and the details of the job are usually left for a private conversation...Hmm I wonder why…Often a new “employee” must provide the employer with a deposit for the first few jobs until they can be trusted…But like in the legit job market, two principles apply, according to experts: first supply breeds demand so, for example, if someone creates a dangerous piece of malware, another party will buy it and exploit targets; both buyer and seller turn a profit…Second, there is a workforce hierarchy…Workers who manage activity but do less actual work, skilled laborers who perform expert work and are paid more, and menial laborers who do less technical work for lower pay, but do so to build knowledge and eventually move up into higher-paying roles…Pay can range from a $1000/month for menial work to well over $100k/year for those with high-end skills or access to sensitive data...Read my colleague Mike Bruemmer’s post on ransomware.