Digital Shadows released research on the most popular items for sale on the dark web this holiday season – this one is shaping up to be different than any before with many consumers turning to online shopping instead of brick and mortar.

Many shoppers forwent Black Friday sales in favor of Cyber Monday – chasing deals while avoiding the crowds. For cybercriminals, it’s been no different, and from stolen account credentials to drugs, malicious actors are enjoying fire-sales on almost everything one could desire in their toolkit. These include:

  • Compromised account credentials for services like Hulu, Netflix, and Disney+, plus corporate and government databases and exploits to vulnerabilities. Researchers also found multiple account accesses advertised across carding sites and forums, including Club2Card, XSS and Raidforums, all for discounted prices.
  • Illicit drugs: Many vendors across cybercriminal marketplaces (such as Dread) are offering discounts on ampheamines, cannabis, Xanax, and Adderall.
  • Hacking tools services, and resources, including DDoS services and HTTPS/SOCKS proxies as well as discount offers for Linken Sphere browser and KleenScan: Many cybercriminal operations, says Digital Shadows, rely on proxies to maintain anonymity or improve the likelihood of accessing an account, which result in long-lasting potential and offer cybercriminals more tools in their arsenal.
  • Subscription services for databases, checkers, mailers, exploits, combolists, and automated payload injections

Many of these items can be leveraged to conduct financial cybercrime, extortion, or other technology-based skullduggery-for-profit. The risks are higher than ever as many have turned to online shopping, allowing cybercriminals to have a broader attack surface to commit fraud and other malicious acts. Digital Shadows is recommending users to be mindful of where online shopping is conducted, to not always trust the padlock, and to avoid buying counterfeit goods.

Dark Web ID from Trinity Worldwide Technologies detects your compromised credentials in real-time on the Dark Web. Using a proprietary technology, we vigilantly search the most secretive corners of the Internet to find compromised credentials associated with your company, contractors and other personnel, and notifies you immediately when these critical assets are compromised, before they are used for identity theft, data breaches or other crimes.

We would like to offer you a complimentary Dark Web scan for your company. It will tell you if any of your employees’ login/password combinations are on any of more than 600,000 sites on the Dark Web. 

Give us a call at 732.780.8615 or email us at [email protected] if you have any questions on the security of your IT Environment or how to make technology work for your business.