Darknet sites Tor links Onion links 2020 2021
Darknet links to the best black market deals:
Counterfeit money shop => https://Bankhummer.co
Hitman for hire service => https://Mercenaries.pw
Darknet sites Onion links TOR. Launched a free service to monitor the availability of company data on the darknet
In mid-May 2020, web security company ImmuniWeb introduced the free ImmuniWeb Domain Security Test service, which will allow businesses and organizations to assess their vulnerability on the dark web. An online test detects whether a company’s data and documents are on the dark web. More details here.
Positive Technologies: the popularity of trade in access to corporate networks is growing on the black market
On April 27, 2020 it became known that Positive Technologies experts conducted a study of trading platforms in the shadow market of cyber services and discovered a surge in interest in access to the corporate network: in the first quarter of 2020, the number of offers for the sale of access is 69% higher than in the previous quarter. The identified trend significantly affects the security of corporate infrastructure during the period of mass transfer of employees to remote work.
As reported, in the fourth quarter of 2019, more than 50 accesses to the networks of large companies from all over the world were put up for sale on hacker forums (the same number was counted for the entire 2018), and already in the first quarter of 2020 there were more than 80 accesses on sale. Most often, access is sold to industrial organizations, companies from the service sector, finance, science and education, information technology (all this is 58% of the proposals in total).
Number of new threads on shadow forums dedicated to corporate network access
If a year or two ago, attackers were mainly interested in access to single servers, which cost around $ 20, then since the second half of 2019, there has been an increase in interest in buying access to local networks of companies. The amount of transactions also increased. For example, in April 2020, companies with an annual income of $ 500 million or more offer a share of up to 30% of the potential profit after the end of the attack for access to the infrastructure. The average cost of privileged access to a local network is now about $ 5,000.
Distribution of hacked organizations by industry
The April 2020 casualties include organizations with annual revenues ranging from hundreds of millions to several billion dollars. Most often, accesses are sold to companies from the United States (more than a third of all offers), Italy and the UK (5.2% each), Brazil (4.4%), Germany (3.1%) are also in the top five. At the same time, in the case of the United States, access is most often sold to organizations in the service sector (20%), industrial companies (18%) and government agencies (14%). With regard to Italy, the leaders in demand are industry (25%) and services (17%), and in the UK — science and education (25%) and the financial industry (17%). 29% of all sold accesses to German companies are in the IT and service sectors.
Geography of hacked companies
Usually, the buyers of such a product are other attackers. They acquire access in order to develop the attack on their own or hire an experienced team of hackers to escalate privileges on the network and place malicious files on critical nodes of the victim’s infrastructure. Operators of ransomware were among the first to adopt such a scheme.
Proposals for the sale of access to networks in the shadow market
We expect that in the near future large organizations may be targeted by low-skilled violators who have found a way to make easy money. During the global quarantine period, when companies massively transfer employees to remote work, hackers will look for any open breach in systems at the network perimeter. The larger the company, the network of which can be accessed, and the higher the privileges obtained, the more the criminal can earn.
told Vadim Soloviev, senior analyst at Positive Technologies
In order to avoid problems, Positive Technologies experts recommend that companies pay attention to comprehensive infrastructure protection — both at the network perimeter and in the local network. First of all, you should make sure that all services on the network perimeter are protected, and that a sufficient level of monitoring of security events is provided on the local network to identify an intruder. Regular retrospective analysis of security events can detect previously missed cyberattacks and eliminate threats before attackers steal information or stop business processes.
The darknet began to sell the blood of those who recovered from coronavirus
In early April 2020, cyberthreat researchers at McAfee discovered a post on a web forum on the darknet, the author of which offered for sale the blood of a person who had recovered from Covid-19 infection.
The announcement is likely related to the latest news that some patients improved after plasma transfusions from recovered patients. The improvement was seen in two patients in two different pilot studies, one in Wuhan and the other in Shenzhen, according to the British publication Guardian. However, a randomized trial
Cyber Threat Researchers at McAfee found a post on a web forum on the darknet suggesting the blood of a man who recovered from Covid-19 infection for sale
McAfee Lead Researcher Christiaan Beek and Principal Investigator Raj Samani note that the explosion of fraud amid global events was not a surprise to cybersecurity professionals, but the coronavirus pandemic has revealed many unexpected threat vectors.
We have seen many examples of scammers abusing people’s trust by using breaking news, and current global events are no exception, ”Byek and Samani wrote on their blog. — Covid-19 as a bait does not lose its relevance. We regularly identify all new campaigns using the coronavirus for selfish interests.
Bik and Samani are exploring the underground markets of Onion and other services using channels in the messaging service Telegram. Among other things, they found an incredible number of salespeople cashing in on face masks. One site sold masks at 10 times retail. The seller was alleged to be a legal wholesaler and supplier of medical masks, but did not disclose his identity. 
How insiders are recruited in banks on the Russian-speaking darknet
At the end of 2019, about 70 services for recruiting insiders in banks operate in the Russian-speaking segment of the darknet, which daily leak confidential information about customer accounts, dataleak reports.
The recruiter receives an average of 15,000 from the puncher for each employee. The task specifies search criteria — for example, position in the organization. Then the customer simply waits for the recruiter to throw off the contacts of a ready-to-work employee. The waiting period lasts 5-7 days on average.
The cost of recruiting varies from 7,000 to 100,000 rubles and depends on the complexity of the task.
US leads darknet firearms trade
Data for 2019
Detecting 200 Bulletproof Hosting Provider Servers
On September 30, 2019, it became known that 200 servers of the so-called «bulletproof» hosting provider were located in a former NATO bunker. More details here.
Russian is one of the five most popular languages on the Darknet
On September 10, 2019, Trend Micro published a study «Uncovering IoT Threats in the Cybercrime Underground», which describes how cybercriminal groups use IoT devices for their own purposes and what threats this creates. Trend Micro analysts have researched the darknet to find out which IoT vulnerabilities are most popular among cybercriminals, as well as which languages are spoken by members of the cyber underground. In the course of the research, it turned out that Russian was among the five most popular languages on the Darknet. In addition to Russian, the top 5 darknet languages include English, Portuguese, Spanish, and Arabic. The report provides an analysis of five cybercriminal communities, classified according to the languages they use to communicate. Language proved to be a more important unifying factor than geographic location. More details here.
Selling a subscriber base of the TrueCaller application
On July 18, 2019, InfoWatch reported the results of the II quarter of 2019 in terms of leaks of confidential information from organizations and identified the most massive incidents. A huge subscriber base of the popular TrueCaller application is put up for sale on the darknet — only about 140 million accounts. For the entire data package, the unknown want to receive 25 thousand euros. More details here.
Attacker earned $ 760 thousand from fake domains in the dark net
On March 21, 2019, specialists from Digital Shadows reported on an unusual fraudulent operation — a massive case of typesquatting on the dark net. Typesquatting refers to the reception with the registration of domain names, similar in spelling to the names of well-known brands. Relatively speaking, the domain name example.com at first glance is rather difficult to distinguish in the address bar from the name exarnple.com. In the case of popular brands, this allows attackers to create fake websites on such domains to steal credentials or funds from visitors.
The use of typesquatting in generic top-level domains has long been known. But its use in the Tor anonymous network is something different. Researchers at Digital Shadows stumbled upon claims by an anonymous attacker who boasted that he was able to create a network of 800 fake names on the «dark web» (on the pseudo-domain .ONION). The domains mimicked the names of various legitimate dark net resources. However, the word “legitimate” is inappropriate in this case, since we are talking mainly about hacker trading platforms, forums and other resources of this kind. For four years, fake pages have brought the fraudster about 760 thousand dollars in bitcoin cryptocurrency. The money was received from payments for goods and services (which, of course, the attacker did not provide), donations to maintain resources (a common practice