What about the Deep Web during the covid-19 pandemic? Trustwave cybersecurity analysts have verified user behavior in the network's “dark” universe over the past few months and have had some surprises.
According to Trustwave's team of analysts, SpiderLab, investigations on the Deep Web are like documenting an "adventure from which you return with many notes about various entities and how they view a particular topic and react to real-world events."
With the world's spotlight on the Covid-19 pandemic, “we can definitely see the diversity in the approaches of cybercriminals, remembering once again that behind these pseudonyms there are real people, with their own perspectives, values, fears and interests” says the post about the company's survey.
1. Leap in covid-19 related domains
According to the report, since the beginning of February 2020 researchers have noticed more than 80,000 newly registered domains that contain words like "corona", "Covid", "Wuhan" and "quarantine", while some of them are certainly legitimate sites focused on passing on official information about the disease, many have undoubtedly been created for malicious purposes.
"The number of people who spend more time at home opens up possibilities for credit card fraud, spreading malware and attacking online communication channels generally used by companies as a substitute for communication in the office," warn the researchers.
2. Sale of masks and insecurity
Representatives from different nations spend time on the same boards and forums, analysts recall when speaking of the diversity they find in communities on the Dark Web. Many of these forums, they say, try to keep up with coverage from real news sources around the world. "In these forums, you will see members as human as we are, expressing and sharing their thoughts and fears."
The Deep Web community reacted to global demand for medical supplies. According to SpiderLab, medical products like the N95, other "corona protection masks" and disinfection solutions have suddenly appeared on the same virtual shelves, where drugs and other illegal goods are often for sale.
The behavior of these suppliers is similar with the sale of any other illegal product, after all, "it is not a place where you can trust someone's word". Still, they tell customers that these items are not stolen or fake. A mask costs around $ 10.
3. Vaccines and conspiracy theories
Salespeople use conspiracy theories to persuade them to purchase alleged vaccines against the disease. “Some underground vendors propose unlikely stories about a 'Covid-19 vaccine', of which they have a very limited supply. Others invest more in their stories, pretending to be 'knowing' that the public is being deceived about making the vaccine available soon ”.
As an example, they tell of a seller who asked for "only" US $ 5,000 for the vaccine, claiming that those who bought it could resell and profit even more on top, but that they preferred to keep the price "fair". The same seller also offered a cure for $ 25,000, because "life is not cheap".
4. Deep Web businesses are also impacted
Like businesses on the Web, entrepreneurs in the Internet underworld were also affected by the Covid-19 pandemic. The crisis affected all supply and delivery systems in the world, this does not exclude logistics on Deep Web. In fact, the companies there have also appropriated Covid's call for product promotions, as well as regular companies, many also alerted their customers to possible service interruptions or slowdowns in order to protect their own employees.
“Some underground stores have been forced to temporarily suspend their services, and their members seem to express care and concern for customers, some of whom belong to vulnerable groups due to dependence on various substances.
5. Money laundering and stolen cards
The Trustwave team says that the money laundering service platforms have undergone changes in trading and reduced circulation of goods around the world. Others claim they have not suffered damage from the crisis.
“In addition to the price increase, we also see changes in the conditions of return / withdrawal of money, as some of the standard conditions have become risky. This often means that the risk falls on those who seek money laundering and, although this implies positive change and a reduction in money laundering in general, those in need are likely to accept the aggravated conditions and continue to use these services. ”
"The stolen credit card stores seem to be hungry for new data, with sellers crossing the same cards in several stores." At the same time, they assess, "due to a reduction in buyer activity, the actors who bought new dumps started to use them exclusively, instead of finding themselves competing with other buyers".
6. Malicious campaigns
Some members are inventing schemes closely related to the continued spread of the coronavirus. One user, proud of his act, used a Coronavirus map, which tracks the spread of the virus, to mask its malicious payload, analysts say. Malicious actors use the disease in phishing, scamming and malware campaigns.
Another attack uses phishing campaigns with mass cancellation of vacations, flights and rentals as bait. They take advantage of customers who are trying to get their money back after blocking in various regions to get them to enter their personal details due to the "need for system updates".
7. 'Don't profit from the pandemic', ask members on Deep Weeb
In order to balance some schemes, analysts say it is important to note that many members of the underground community explicitly avoid and beg others not to try to profit from the situation. And just as on this side of the network, many are helping members of the Deep Web to be entertained with humor, culture and education, sharing various sources to release exhibitions, courses and libraries.
“Members of the underworld, like most other people, understand quarantine conditions around the world. Some use it for good and take a break from daily operations, while others adapt and create new schemes, rules and prices to continue working under these new conditions ”.
The analysts conclude by recommending not only WHO guidelines, but also “online hygiene”. “In addition to the usual advice to pay attention to suspicious emails, attachments and URLs, it is important to remember to look at the information posted online with a critical eye: look for updates provided by official sources, visit websites directly to find out what their services are doing in relation to Covid-19 and, as we usually repeat: if something looks too good to be true, it probably is ”.