The OSINT landscape is in perpetual flux. In a climate where cyber threats mutate from day to day, tools for processing open and big data are becoming ever more relevant. In October's digest we discuss a selection of developments in the world of cybercrime as well as the countermeasures being employed by governments and other authorities as they strive to protect the security of both individuals and the public at large.
Despite Dip in Crypto Market, Hacked Accounts Are Selling Fast
These are turbulent times for the cryptocurrency market, yet hacked crypto accounts still seem to be hot property. The non-profit internet security research team Privacy Affairs has just published a report on hijacked crypto accounts, listing the average prices that different options are currently fetching on the Dark Web.
For a general picture, Binance accounts are going for $125, with Kraken and Crypto.com equivalents just underselling at $120. Meanwhile, Kucoin and Cex.io accounts are the cheapest at $75 and $65 respectively, and CryptoPay is the most expensive, with buyers needing to fork out $225 for a single verified account.
Sales – it seems – are flourishing. But this begs a question. With the crypto market on a significant downturn and prices crashing, why are people so keen to get their hands on hacked crypto accounts? After all, it’s not like these things are often sold on with money on the balance. The answer? They are used to transact dodgy deals.
While it is still possible to transfer so-called ‘cold’ crypto via physical flash sticks, in the majority of cases, cybercriminals use direct transactions and cryptocurrency exchanges. Operating a verified crypto account not only facilitates the trade of contraband, it also enables crooks to hide their true identities behind those of innocent account holders.
There is certainly a lesson here for any crypto account holder – users should always keep an eye out for suspect activity such as unauthorized operations, and be on their guard against good old social engineering. If a hacker has an email address, it’s a relatively small step to gaining access to a user’s entire base of service subscriptions.
For law enforcement officers, crypto account hijacking presents a huge challenge, since criminal activities under investigation frequently have nothing to do with the legal owners of the accounts involved. With the help of professional OSINT tools, investigators can deanonymize buyers and sellers on darknet marketplaces, lead in the fight against crypto account occupation, and by extension, combat the escalating problem of cybercrime.
Data Processing Power Now a Major Factor of Military Dominance
According to a recent article by C4ISRNET, the U.S. military now accumulates more data on the tactical level – that is, information derived directly from action on the ground – than on any other level. The widespread deployment of data-rich apparatus such as sensors, IoT and real-time command software means that mission control is inundated with unprecedented amounts of information from the field of action.
However, data cannot be considered actionable intelligence until it has been properly collected, verified, sorted, and analyzed. And to make matters more complicated, data is being received from all five military dimensions: land, sea, air, space, and cyberspace. As a result, not only intelligence departments, but also defense command centers are in urgent need of systems which are up to the task of processing such mammoth amounts of data.
In reaction to this, the Pentagon has launched the Joint All-Domain Command and Control – an initiative aimed at effectively harnessing these avalanches of information. In an official statement, an initiative representative stated that weaponry is no longer the central factor of combat dominance. Rather, this status is increasingly determined and maintained by the effective usage of data.
In its article, C4ISRNET asserts that the initiative will need to deal with the “five Vs” of big data analysis: volume, velocity, variety, veracity, and value. Experts argue that this can be achieved with the adoption of an all-source intelligence methodology and the use of APIs with data pools on the technical front.
Crank Callers Terrorizing U.S. Schools While Remaining Anonymous
In recent months, police units and media outlets have received a flurry of hoax calls, each of which has claimed that a certain high school is under imminent threat of a shooting. Although authorities realize that such warnings could be crank calls, they have no option but to treat each incident as genuine and respond in full. As a result, these occurrences are seriously disrupting the police service and wasting resources, not to mention terrorizing schools, which are sent into panicked lockdowns every time one of these calls comes in.
Considering there were over ninety crank calls of this nature in the second half of September alone, it is clear that the situation is problematic for the emergency services. But to make matters worse, the police are finding it immensely difficult to identify the culprits. The FBI have succeeded in tracing some of the calls to TextNow, a telecommunications service allowing users to sign up with just an email address.
According to an FBI memo, it is thought that many of the calls could have come from Ethiopia. However, even a lead this vague is prone to further fallibility, because if the user signed up via a VPN or the Tor browser – which is quite likely – these IP addresses could merely be rerouted location points, which bear no relation to the actual origin. In short, authorities are struggling to counteract these threats.
With their ability to cut through darknet anonymizers, advanced OSINT tools could be pivotal in identifying the crank callers, bringing the investigation to a successful conclusion, and informing effective countermeasures to guard against future incidents of this kind.
Fact of the Month
A recent report by Proofpoint reflects growing concern among company board members about the corporate threats posed by cyberattacks. 77% of the 600 respondents agree that cybersecurity should be a top priority, 65% recognize the possibility of cyberattacks, and 47% believe their company is ill-equipped to deal with a targeted attack.
Set up specifically to help businesses and educational institutions combat ransomware campaigns, the new task force combines representatives from the Ministry of Communications and Information, the Ministry of Defense, the Ministry of Internal Affairs, the Monetary Authority of Singapore, as well as the country's military and police force. Such measures speak to the severity of cybersecurity issues across the nation.
New Reports on the Global Cyberthreat Landscape
A recent study published by CSO magazine sheds light on the most common cyberattacks carried out in 2021. It was found that password attacks occurred most frequently at 34,740 per minute, followed by IoT and DDoS attacks at 1,902 and 1,905 per minute respectively. Furthermore, social engineering and phishing attacks happened every minute, while new threat infrastructures were detected every half hour, the most disturbing of which – ransomware attacks – cropped up every 3 hours.
Meanwhile, new research from Microsoft has revealed the growing popularity of cyberattack services. Sold on darknet marketplaces, these come in various forms from ransomware kits to hackers-for-hire, and appeal to aspiring cybercriminals who don’t actually possess much technical knowledge themselves.
If passed, the new law would require all IoT devices with the CE marking – from toys to security cameras – to meet a minimum set of cybersecurity criteria before going to market. Failure to comply could incur fines of up to €15M or 2.5% of the company’s worldwide turnover. IoT devices are now notoriously easy to hack and turn into spyware proxies, so the new regulations should be received as a welcome countermeasure to a known security gap.
It turns out that fraudsters have been making use of deepfake technology to lure would-be investors, who end up putting money into crypto scams. This ploy centers around creating promotional videos featuring endorsements from celebrities or market professionals, who are actually just computer-generated counterfeits. The Federal Trade Commission has reported investor losses of over $1B on crypto scams since 2021.
One of the craziest darknet promotion campaigns has recently been conducted by the marketplace BidenCash, who have allowed users to download 1,221,551 stolen credit cards for free. The marketplace first opened in June 2022 with a similar promo campaign, featuring several thousand stolen credit cards. Such details are mainly used by cybercriminals to carry out financial fraud.
And that winds up the October digest! Stay tuned to our blog for all the latest news and insights into the ever-expanding world of OSINT.