Australia’s Medibank said all 4m of its customers’ data exposed in recent hack. Source – Shutterstock

Australia and Singapore record the largest number of adverts on the darknet market in APAC

  • 95% of all adverts in the APAC region have been exposed through database leaks
  • Cybercriminal operations are active below the surface of the web

When it comes to what is available online, the World Wide Web (WWW) is merely the tip of the iceberg. Much as we don’t know 95% of what’s beneath the ocean, most of what goes on in the darknet market is hidden from view.

The darknet is hidden within the deep web, which is located beyond all of the websites that Google and other popular search engines have indexed.

What’s in the darknet market?

The darknet is made up of networks within the deep web that let users browse and interact anonymously. Users maintain their anonymity through a technique called onion routing. Onion routing technologies like Tor wrap data packets in multiple nested layers of encryption and route them through a network of relay nodes rather than connecting a computer directly to a server.

Data is kept in numerous layers of encryption, similar to the layers of an onion. Each relay removes one layer, and that layer discloses only the next relay, until the final layer is removed and the data is passed on to its destination.
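
The layering described above, as an added example that is not part of the original article: a simplified Python model in which the sender wraps a message once per relay and each relay can remove only its own layer. The cipher is a toy built from SHA-256 and HMAC, and the relay names, keys and destination are constructed for illustration; this is not Tor's actual protocol or cell format.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream (stand-in for a real cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer is not for this relay, or was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(path, keys, destination, payload):
    # Wrap from the inside out: the exit relay's layer is innermost.
    next_hop, blob = destination, payload
    for relay in reversed(path):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob, next_hop = seal(keys[relay], layer), relay
    return blob

def peel(relay_key, blob):
    # One relay removes one layer and learns only the next hop.
    layer = json.loads(unseal(relay_key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, onion):
    hops, blob = [], onion
    for relay in path:
        next_hop, blob = peel(keys[relay], blob)
        hops.append((relay, next_hop))
    return hops, blob

# Constructed sample data: relay names, keys and destination are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}

if __name__ == "__main__":
    onion = build_onion(PATH, KEYS, "example.org:443", b"hello")
    hops, delivered = route(PATH, KEYS, onion)
    for relay, next_hop in hops:
        print(f"{relay} forwards to {next_hop}")
    print("delivered:", delivered)
```

Only the exit relay's layer names the destination, and a relay that tries to open a layer sealed for another relay fails the integrity check.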

Some darknet activity is criminal, including the sale of illegal narcotics, firearms, and even assassins for hire, and payment is primarily made in bitcoin. Thanks to bitcoin, a cryptocurrency that lets two parties carry out a trusted transaction without being aware of each other’s identities, the darknet has exploded.

Even though almost all dark web marketplaces accept bitcoin or another cryptocurrency, that doesn’t necessarily mean transacting there is safe. The environment’s inherent secrecy attracts scammers and crooks.

You might believe that browsing the darknet is simple, given all the activity and the impression of a busy market. It is not. When everyone is anonymous and a sizable portion of them are out to defraud others, the environment is as disorganized and chaotic as you would expect.

What Kaspersky found

Let’s put it into perspective. Kaspersky’s Digital Footprint Intelligence (DFI) report for APAC states that 95% of all adverts in the region are the result of database leaks. When the number of orders is weighted by GDP, Singapore and Australia have by far the largest data leak markets.

The report emphasizes data gathered the previous year to help businesses, organizations, and even countries keep an eye on potential external threats and remain abreast of potential cybercrime, particularly that which is discussed on the darknet.

As statistics are spread out over time, darknet activity related to attack impact (advertisements on selling data leaks and compromised data) predominates, as criminals sell, resell, and repack a lot of historical data breaches.

Stage 1: Interest to buy access

Initial access offers are sought after by cybercriminals, who are aware of the largest market for such adverts. The main adversaries who are interested in starting an attack are from Pakistan, Australia, India, and mainland China. These nations were mentioned in 84% of the ads from the attack preparation category.

Stage 2: Orders for access – ready to execute

The findings from the attack execution stage are the most encouraging; artefacts show that adversaries have the ability to gain access, or have already gained access, to networks or services of businesses, but there hasn’t yet been any impact on business. Australia, India, mainland China, and the Philippines account for 75% of the adverts on the darknet that Kaspersky has identified as signs of an attack.

Stage 3: Data leaks and data for sale

The sale or unrestricted use of the stolen data will happen after a data leak. Data leaks and insider activity orders, which include but are not limited to databases, confidential papers, PII, credit cards, VIP information, financial data, and many more, can be signs of compromise.

According to Chris Connell, Managing Director for Asia Pacific at Kaspersky, cybercriminal operations are definitely active below the surface of the web. “From attack preparation and execution, to the impact of a data leak and then selling and reselling of stolen information, this functioning malicious system is a serious threat for businesses and organizations here in APAC,” he said.

Connell noted that access to the companies and the sale of data frequently go hand in hand. As a result, a two-pronged attack on an organization is possible.

“Your confidential information can be stolen and be sold, and these cybercriminals can open and offer your infected system to more malicious groups. A double whammy that requires a proactive defense that includes strong incident response and Darknet monitoring capabilities through real-time and in-depth threat intelligence reports,” he concluded.