Cyber-demic’s Dark Side

November 2021

A monthly digest on dark web activity which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams, major data breaches, as well as general ID theft protection, data trends, tips and recommendations.

__________________________________________________________________________

Holiday Shoppers Beware

I’d be remiss if I didn’t address the holiday shopping season and how to protect yourself…A forecast by Mastercard SpendingPulse reported holiday retail sales should rise 7.5 percent from a year earlier and climb 11.1 percent on a two-year basis, fueled by a rebound to in-store shopping and persistent consumer demand…So the alarms are ringing…The BBB is warning consumers to be aware of how scammers deceive consumers, whether they are actively shopping or passively browsing…And according to the BBB, online purchase scams have consistently ranked among the top three riskiest since 2017 while the median dollar loss for this scam type has risen up from $76 in 2019 to $102 so far in 2021…So let me put on my dark web hoodie and tell you what I would do if I was trying to steal your personal information and scam you:

1.??????Send you an email/text with an offer stoking fears about not being able to get gifts for the holidays due to the current supply chain issues and offer you a way to expediate shipping and avoid the supply chain crisis to steal your personal information

2.??????Send you an email/text with “Holiday Jobs” to make big money fast and send you to a job application site to harvest your personal data

3.??????If I am feeling particularly ambitious, I’d set up a niche online marketplace selling, let’s say, deep discounts on the latest iPhone or hot holiday gifts, get your credit card info and buy something nice for myself - hey I deserve it!

4.??????If am feeling lazy maybe just hop in the car and cruise the neighborhood for the glut of packages delivered this time of year that I can grab from your porch and resell or keep for myself

Here are some remedies to keep in mind this Holiday Season:

·????????Watch out for unsolicited offers that seem too good to be true

·????????Avoid purchasing goods from unknown sellers

·????????Ensure all e-commerce transactions are over a secure connection

·????????Use credit cards and not debit cards

·????????Watch your credit cards statements

·????????Make sure your packages are delivered when someone is home or in a secure location (i.e. Amazon Locker), if available

·????????Make sure all your devices have the latest software updates

·????????Do not use the same username/password combo on e-commerce sites as you do for your financial accounts

·????????Beware of surveys

·????????Limit the number of “cool” holiday apps you add to your phone - remember smaller your digital footprint the better

My Crystal Ball

The end of the year is a good time for reflecting and, ofcourse, planning ahead…If I had a crystal ball and could make some predictions for 2022, here are five for what I foresee will occur around cybersecurity and the dark web:

1.??????Birth of Zero-Click Attacks: I believe Pegasus Malware emerged in 2021 as one of the most dangerous pieces of malware ever created…It originated from Israeli intelligence, but was turned into an attack tool…This was due in large part since it was built to enable a zero-click attack, meaning that the victim does not need to click on a link or make a mistake for the malware to be deployed…That said, I expect zero-click attacks to have a devastating impact on consumers in 2022.

2.??????Increase use of DeepFakes in Cyber Attacks: The number of deepfake videos found online doubled from 2018 to 2019 and rose again in 2020, according to Sensity…In fact, last year the FBI released a report declaring that malicious actors almost certainly will leverage “synthetic content” for cyber and foreign influence operations in the next 12-18 months, which has proven true…The rise of deepfake technology will undoubtedly occur as the counterattack to biometric identity verification.

3.??????More Stable Dark Web Markets: Despite the major seizure of the Dark Market in the initial months of 2021, overall major seizures and exits scams were down in 2021…I believe this trend to continue, and the White House Market will likely hold its #1 Dark Web Market position in 2022 and not be seized…This is, in part, due to a paradigm shift of better security and switching from Bitcoin (which is traceable) to Monero as the payment method, which is currently nearly impossible to trace.

4.??????Individuals Becoming Targets of Ransomware: Government and public-sector entities, particularly in the U.S., have taken the full brunt of ransomware attacks over the past year…Including the well-known attack on the Colonial Pipeline and JBS…I expect that to continue but I also expect attackers to shift to targeting large groups of people – think millions of people – asking for a small ransom of a few bucks...Hey, multiply a few dollars by the millions…Yes, hackers can do math. ?

5.??????Cryptocurrency Mainstream adoption will continue: Between Covid tyranny and global inflation fears and even the growth of NFTs, crypto should have a strong showing in 2022…Last year, the total value of NFT transactions quadrupled to $250 million, which relays on cryptocurrency and blockchain tech…Interestingly, Bitcoin was made the official currency in El Salvador and investors in the U.S. are adding bitcoin to their IRAs…But some countries are banning it…So we’ll see a push pull between adoption and banning in 2022.?

Make sure to read my colleague Mike Bruemmer’s post for more about data breaches and 2022 predictions.

?