Australia and Singapore See Highest Number of Darknet Listings in APAC – Kaspersky – Back End News


According to Kaspersky’s Digital Footprint Intelligence (DFI) report for APAC, database leaks in the region account for 95% of the total number of advertisements. The Singapore and Australia data leak markets are by far the largest when considering GDP-weighted order amounts.

The report highlights findings collected over the past year for organizations and even countries to keep tabs on possible external threats and stay informed of potential cybercriminal activities, including those being discussed on the Darknet. Monitoring of external data sources in Kaspersky’s Digital Footprint Intelligence service, including Darknet resources, provides insight into cybercriminal activity through the various stages of the attack lifecycle.

There are two main types of data when analyzing an organization’s digital footprint: fraudulent activity and cyberattack fingerprints. While Kaspersky found many signs of fraud, the report remains focused on attack detection.

Darknet activity related to the impact of attacks (ads on the sale of data leaks and compromised data) dominates the statistics because it is spread over time: criminals sell, resell and repackage many data leaks from the past.

Organizations from Australia, India, mainland China and Pakistan are the main targets of adversaries with an interest in launching an attack. These countries featured in 84% of ads in the attack preparation category. Pakistan and Australia are attracting huge interest, as evidenced by the number of orders weighted by their GDP.

Data leaks

Relative to the size of its infrastructure, enterprises and industrialization, mainland China is of relatively low interest to adversaries. This may indicate a language barrier in the APAC cybercrime scene or complications with network-level access to organizations in the country.

The most promising findings relate to the execution phase of the attack: artifacts indicate that adversaries have the capabilities to access, or already have access to, organizations’ networks or services, but there is no business impact yet. Among Darknet advertisements indicating an executed attack, Australia, India, mainland China and the Philippines account for 75% of those detected by Kaspersky.

Once a data leak occurs, the sale of, or free access to, the stolen information follows. Indicators of compromise include data leaks as well as orders for insider activity and the sale of, or free access to, internal data, including but not limited to databases, confidential documents, PII, credit cards, VIP information, financial data and many more.

Organizations in Australia, mainland China, India and Singapore account for 84% of all data leaks and sell orders placed on the Darknet. Singapore and Australia’s data leak market is by far the largest when looking at GDP-weighted order quantities.

It should be noted that organizations in the Philippines, Pakistan and Thailand were among those that adversaries were interested in attacking or that already appeared to be compromised, but the number of their data leaks is comparable to that of other countries in the middle of the group.

How to protect your business from these threats

The demand for corporate and personal data on the black market is high and does not always involve targeted attacks. Attackers can gain access to a random company’s infrastructure to later sell it to blackmailers or other advanced cybercriminals.

An attack like this can affect a business of any size, large or small, as access to a corporate system is often moderately priced on underground forums, especially when compared to the potential damage to a business.

Vendors on the dark web most often offer remote access via RDP. To protect the company’s infrastructure from attacks via remote access and control services, ensure that the connection via this protocol is secure by:

– providing access to services (e.g. RDP) only through a VPN,
– using strong passwords and Network Level Authentication (NLA),
– using two-factor authentication for all services,
– monitoring of access data leaks. Dark web monitoring is available on the Kaspersky Threat Intelligence portal.
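
The first two items in the list can be checked directly on a Windows host. The read-only PowerShell audit below is an added example, not part of Kaspersky's report; it assumes the standard Terminal Server registry location and the built-in NetSecurity cmdlets, and it treats an inbound allow rule that accepts any remote address as a sign that RDP is reachable without the VPN.

```powershell
# Added example: read-only audit of local RDP exposure (run in an elevated session).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop is switched on.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means NLA is required before a session is created.
# This reads the listener setting; a Group Policy setting can override it.
$listener = Get-ItemProperty -Path $tcp
$nla  = $listener.UserAuthentication -eq 1
$port = [string]$listener.PortNumber

# Effective (local + Group Policy) inbound allow rules that cover the RDP port
# and accept any remote address. Port ranges such as "3000-4000" are not expanded.
$openRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        ($pf.Protocol -in 'TCP', 'Any') -and
        (($pf.LocalPort -contains $port) -or ($pf.LocalPort -contains 'Any')) -and
        ($af.RemoteAddress -contains 'Any')
    }

# Summary object, suitable for export or collection across hosts.
[pscustomobject]@{
    RdpEnabled            = $rdpEnabled
    NlaRequired           = $nla
    RdpPort               = $port
    RulesOpenToAnyAddress = @($openRules).Count
    RuleNames             = (@($openRules).DisplayName -join '; ')
}

if ($rdpEnabled -and -not $nla) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and $openRules) {
    Write-Warning 'RDP port is allowed from any remote address; restrict the rule to the VPN address range.'
}
```

A host firewall rule limited to the VPN range does not replace the perimeter control; the edge firewall should also block the RDP port from the internet.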