Author: DarkOwl Content Team

Clean Out Your Computer Day: Time to Declutter

February 10, 2025

Today, the tech community once again observes “Clean Out Your Computer Day” — a day dedicated to digital decluttering and system optimization. As we continue to rely heavily on our devices for work, personal life, and everything in between, maintaining a clean and efficient computer is more important than ever.

In 2025, DarkOwl would like to take you on a deeper dive into the practices and technical steps you can take to celebrate this day, ensuring your computer runs at peak performance. While the idea of “cleaning” often conjures up thoughts of brooms and maybe physical rooms, a digital cleanup requires a different approach, one that targets both the visible clutter and the equally important hidden clutter within your system.

Just like anything else you use in your day-to-day life, your computer requires regular attention and maintenance. Files pile up, software accumulates over time, and old data can slow down system performance. Even the simple habit of leaving multiple browser tabs open can add to the clutter, slowing things down and overwhelming your workspace. If left unchecked, these minor inconveniences can develop into significant issues, such as sluggish processing speeds, storage shortages, and even security vulnerabilities.

The key to a smoother computing experience lies in routine maintenance. To celebrate Clean Out Your Computer Day, we’re providing a roadmap to help you get started with the necessary steps for a comprehensive digital clean-up.

One of the most straightforward yet often overlooked tasks is deleting unnecessary files. Over time, documents, images, videos, and other data accumulate on your computer. While most of us are guilty of holding onto files “just in case,” these unused files take up valuable storage space and may even hinder system performance.

To address this, focus on:

  • Temporary files: These are left behind by programs and browsers. They serve a brief purpose but rarely get deleted on their own.
  • Old documents and downloads: If they haven’t been touched in months, they might not be worth keeping. Or they could be moved to an external hard drive.
  • Duplicated files: Use a duplicate finder tool to locate and remove duplicates, especially in image libraries or document folders.

By identifying and deleting these unnecessary files, you’ll reclaim storage space and speed up your machine’s performance.
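The old-file and duplicate categories above can be inventoried before anything is deleted. The following Python script is an added example, not DarkOwl's code: it reports byte-identical duplicates and files not modified for a chosen number of days, and it deletes nothing. The 180-day default and all function names are assumptions made for illustration.

```python
"""Read-only cleanup report: duplicate files and files untouched for months."""
import hashlib
import os
import sys
import time
from collections import defaultdict

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so large files never sit fully in memory


def iter_files(root):
    """Yield regular files under root. Symlinks are skipped so no file is counted twice."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            yield path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's content."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_duplicates(root):
    """Return sorted groups of paths whose content is byte-identical."""
    by_size = defaultdict(list)
    seen_inodes = set()
    for path in iter_files(root):
        try:
            st = os.stat(path)
        except OSError:
            continue  # unreadable or removed while scanning
        inode = (st.st_dev, st.st_ino)
        if st.st_ino and inode in seen_inodes:
            continue  # hard link to a file already listed: removing it frees no space
        seen_inodes.add(inode)
        by_size[st.st_size].append(path)

    groups = []
    for size, paths in by_size.items():
        if size == 0 or len(paths) < 2:
            continue  # only files sharing a size can be identical, so hash just those
        by_hash = defaultdict(list)
        for path in paths:
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue
        groups.extend(sorted(g) for g in by_hash.values() if len(g) > 1)
    return sorted(groups)


def reclaimable_bytes(groups):
    """Bytes freed if one copy per duplicate group is kept."""
    return sum(os.path.getsize(g[0]) * (len(g) - 1) for g in groups)


def find_stale(root, days=180, now=None):
    """Return sorted paths whose last modification is older than `days` days."""
    cutoff = (time.time() if now is None else now) - days * 86400
    stale = []
    for path in iter_files(root):
        try:
            if os.stat(path).st_mtime < cutoff:
                stale.append(path)
        except OSError:
            continue
    return sorted(stale)


if __name__ == "__main__":
    # Usage: python cleanup_report.py <folder> [days]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 180
    dupes = find_duplicates(root)
    for group in dupes:
        print("identical content:")
        for path in group:
            print("   ", path)
    print(f"{reclaimable_bytes(dupes)} bytes reclaimable from duplicates")
    for path in find_stale(root, days):
        print(f"not modified in {days}+ days: {path}")
```

Review the report and back up anything you still need before removing files by hand.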

After you’ve cleared out the clutter, it’s time to organize. Just like physical paperwork, a disorganized digital workspace can cause confusion and delays. An unstructured file system can make it difficult to find what you need, when you need it.

Consider the following strategies:

  • Create clear folder structures: Organize your documents into clearly labeled folders (e.g., “Work,” “Personal,” “Finances”).
  • Use consistent naming conventions: This makes it easier to find files and also keeps your system organized over time.
  • Archive old projects: If you’re not actively working on something, archive it into a separate folder to keep things neat.

Taking the time to organize your files not only makes them easier to locate, but it can also boost your productivity and reduce the stress of a chaotic digital environment.

While it’s important to clean up your computer, it’s equally vital to back up important data before you proceed with any major changes. Whether it’s critical work documents, personal photos, or financial records, having a backup ensures you’re protected against potential data loss.

Here are some backup options to consider:

  • Cloud Storage: Services like Google Drive, Dropbox, or iCloud make it easy to store and access your data from anywhere.
  • External Hard Drives: If you prefer physical backups, an external drive offers the security of having a local copy.
  • Automated Backup Solutions: Set up automatic backups to regularly back up your most important files, ensuring they’re always secure.

We’ve all downloaded software that seemed useful at the time, only to never use it again. Left unchecked, these applications can sit dormant on your computer, consuming valuable resources such as RAM and storage space.

To optimize your system, perform the following:

  • Uninstall unused applications: Go through your installed programs and remove anything you no longer need.
  • Remove browser extensions: These can slow down your browser and collect unnecessary data.
  • Reevaluate startup programs: Disable unnecessary startup programs that slow down boot times and consume system resources.

By cleaning out these unneeded applications, you can free up both storage space and system resources, leading to a smoother experience when using your computer.

Routine diagnostics and software updates are vital to maintaining a healthy system. This ensures that your operating system is up-to-date and protected against security vulnerabilities.

Steps to follow:

  • Run a disk cleanup: This built-in utility clears out cache files, system files, and other temporary data.
  • Check for software updates: Update your operating system and any installed software to their latest versions. This ensures you benefit from performance improvements and security patches.
  • Run a system scan: Use built-in or third-party antivirus tools to check for malware or other threats.

Regular maintenance like this keeps your system running efficiently, reduces the risk of security threats, and ensures everything is up-to-date.

In today’s fast-paced digital world, it’s easy to get into the habit of opening multiple tabs in your web browser, sometimes without even thinking about it. However, keeping dozens of tabs open can lead to unnecessary distractions, slower performance, and a cluttered, chaotic browsing experience.

To streamline your browsing habits, try the following:

  • Use browser bookmarks: Instead of leaving tabs open for future reference, save the webpages you need using bookmarks or a bookmark manager. You can organize them into folders (e.g., “Work,” “Research,” “Shopping”) for easy access. These can later be deleted when no longer needed.
  • Utilize session managers: For ongoing projects or tasks that require multiple tabs, use browser extensions or tools that let you save and restore entire sessions, so you can close them without losing your progress.
  • Limit open tabs: Be mindful of how many tabs you have open at once, especially when it comes to shared documents. If you find yourself opening too many, try to consolidate or close tabs you no longer need.

By adopting these habits, you’ll reduce distractions, improve browser speed, and create a cleaner, more organized online workspace.

On Clean Out Your Computer Day, take the opportunity to declutter your digital life. A clean and well-maintained system doesn’t just run faster; it also helps you stay organized, protects your important data, and reduces the risk of unnecessary security vulnerabilities.

Routine maintenance can seem tedious, but the long-term benefits far outweigh the effort. And remember, a clean computer not only leads to a smoother digital experience but also sets the foundation for a more productive and stress-free workflow.



Navigating the Darknets: Analyzing Differences and Associated Risks

February 04, 2025

While the Onion Router (TOR) is the most well-known dark web network, a number of other networks have been developed and are used for a variety of reasons. While these networks do have some legitimate users and use cases, their anonymous nature also makes them attractive to criminal and other illicit actors. In this blog, we will explore some of the different networks that are available and how they are used by criminals.

The birth of the dark web can be traced back to the early 1990s when researchers at the United States Naval Research Laboratory (NRL) began exploring ways to create anonymous and secure communication channels. Driven by the need for a secure, untraceable network for intelligence communications, the NRL researchers laid the groundwork for what would become known as onion routing.

This project became the foundation of the dark web, a network within the broader internet that required specialized software to access. Its origins were rooted not in cybercrime or illicit activities, but in the need for strong anonymity and privacy for sensitive governmental communications.

Although preceded by Freenet, which was launched in 2000 by Ian Clarke, a computer science student at the University of Edinburgh, to offer anonymous and censorship-resistant content sharing and communications, the Onion Routing Project was released publicly in 2002 as Tor (The Onion Router). By making the software freely available, the NRL aimed to create a more robust and diversified network, one where traffic would be harder to trace due to the increased number of users. This move allowed civilians, journalists, and other non-government users to benefit from the anonymity that Tor provided, thereby expanding the user base and enhancing network security through sheer volume. Tor’s release as open-source software encouraged further development by a global community of privacy advocates and researchers, transforming Tor into a more versatile tool over time.

The public release of these tools as well as the advent of blockchain technology allowed for more of these networks to be developed over time, each being accessed in a slightly different way and used in different ways by different types of individuals.  

We will explore nine different dark web networks that are currently available, reviewing how they work, how they are accessed, and how they are used by criminals. Although there are many networks, it is worth noting that they do not all serve the same function and they are not all equally popular.

Tor (The Onion Router) 

Tor is the most well-known anonymizing network that helps users maintain privacy and anonymity online. It routes your internet traffic through a series of volunteer-operated servers (called nodes), making it difficult to trace your online activity. Websites accessed via Tor use the “.onion” domain, providing anonymity for both users and hosts. The network is run by a not-for-profit that prioritizes privacy. However, TOR is also widely used by criminals to buy and sell illicit goods and activities. It is also used to share CSAM and adult materials, and it has famously been used to advertise hitmen.

  • Creation Date: 2002 
  • Created By: Tor was initially developed by the U.S. Naval Research Laboratory to protect government communications. The project was later released to the public in 2002 to promote privacy and anonymity online. 
  • Access Method: To use Tor, you must download and install the Tor Browser, which routes your web traffic through the Tor network. 
  • Key Features: High privacy, decentralized, resistant to censorship, ideal for users who need anonymity. 

I2P (Invisible Internet Project) 

I2P is an anonymizing network, with sites known as eepsites, designed to offer privacy and censorship resistance, particularly for hosting and accessing “hidden” services. Unlike Tor, which is more focused on browsing the surface web anonymously, I2P is optimized for internal, peer-to-peer communication. For this reason, it can be popular with individuals wishing to communicate directly. It is known to be used for sharing CSAM, but the network also hosts marketplaces and forums similar to TOR.

  • Creation Date: 2003 
  • Created By: I2P was created as an anonymizing network by a group of developers led by a person known as “Zer0.” It was designed as a secure alternative to the Tor network, focusing more on peer-to-peer communication and internal services. 
  • Access Method: To access I2P, users need to download and install the I2P software, which establishes a network of encrypted tunnels for communication. 
  • Key Features: Decentralized, highly anonymized peer-to-peer services, primarily used for file-sharing and private communications. 

ZeroNet 

ZeroNet is a decentralized, peer-to-peer network that uses blockchain technology to host websites. Sites on ZeroNet are resistant to censorship and operate through distributed nodes, meaning that users don’t rely on central servers. It uses Bitcoin’s blockchain for verifying content and uses the BitTorrent protocol for content distribution. This can make it very difficult to identify new content.  

  • Creation Date: 2015 
  • Created By: ZeroNet was created by an anonymous developer, “Zero,” and leverages the BitTorrent protocol and blockchain technology to provide decentralized websites that are resistant to censorship. 
  • Access Method: Users need to install ZeroNet software and can then access ZeroNet websites, which often use the “.bit” domain. 
  • Key Features: Blockchain-based, decentralized, resistant to censorship, peer-to-peer file sharing. 

Freenet 

Freenet is a decentralized, peer-to-peer platform designed for anonymous browsing and file sharing. It allows users to publish and access content in a way that is both private and resistant to censorship. Freenet operates on a distributed network where data is stored in a way that’s anonymous and cannot easily be removed. Criminals use Freenet to share illegal files, including pirated content, child exploitation material, or stolen intellectual property, with a high degree of anonymity. It can also be used to communicate anonymously.  

  • Creation Date: 2000 
  • Created By: Freenet was launched in 2000 by Ian Clarke, a computer science student at the University of Edinburgh. It was developed to offer anonymous and censorship-resistant content sharing and communications.
  • Access Method: Users download and install the Freenet software, which enables them to access “freesites.” 
  • Key Features: Censorship-resistant, decentralized, peer-to-peer, focused on anonymity and privacy. 

Loki (Oxen) 

Loki, now known as Oxen, is a privacy-focused cryptocurrency and decentralized platform. It uses the Oxen blockchain and features the Loki network, which facilitates private messaging, anonymous transactions, and secure browsing. Oxen enables users to create decentralized applications (dApps) that offer privacy and anonymity. Oxen can be used to conduct cryptocurrency transactions for illicit reasons and to communicate anonymously. The apps can also be used to create dark web marketplaces and forums.

  • Creation Date: 2017 
  • Created By: Created as a privacy-focused cryptocurrency and platform to offer secure, anonymous communication. The Oxen (formerly Loki) project was launched in 2017 to provide privacy-enhanced features, including secure messaging and decentralized apps. 
  • Access Method: Users can interact with the network using the Oxen wallet or by utilizing the Loki Messenger app, which is designed for private, encrypted communication. 
  • Key Features: Privacy-centric, anonymous messaging, decentralized, uses blockchain for secure operations. 

Yggdrasil 

Yggdrasil is a decentralized, encrypted mesh network aimed at offering secure, encrypted, and anonymous communication. It is an experimental overlay network that seeks to integrate the concepts of privacy, anonymity, and security into a global decentralized infrastructure.

  • Creation Date: 2016 
  • Created By: Yggdrasil Computing, Incorporated, a company founded by Adam J. Richter in Berkeley, California, developed the Yggdrasil Linux/GNU/X (LGX).  
  • Access Method: Yggdrasil operates as a virtual network overlay and requires the installation of specific software to connect to it. 
  • Key Features: Peer-to-peer, encryption, decentralized communication, secure and private. 

IPFS (InterPlanetary File System)

IPFS is a peer-to-peer protocol and network designed to make the web faster, safer, and more open by creating a decentralized file system. It allows for the storage and sharing of data in a distributed way, meaning that files are not stored on central servers but instead across the network. This can make it attractive to criminals wishing to share stolen data.

  • Creation Date: 2015 
  • Created By: IPFS was proposed by Juan Benet and launched in 2015. Its goal is to create a distributed, peer-to-peer file system that makes the web faster, safer, and more open by using a decentralized model.
  • Access Method: To use IPFS, you need to install an IPFS client and access data stored across the distributed network. 
  • Key Features: Decentralized file storage, censorship-resistant, peer-to-peer, versioning of files, faster content delivery. 

Unigrid 

Unigrid is a decentralized, secure, and censorship-resistant platform that focuses on providing internet access and data storage through peer-to-peer networks. It aims to offer a unified and decentralized infrastructure to facilitate hosting and accessing content across the web. 

  • Creation Date: Unigrid does not have a widely recognized specific creation date or public history, as it is a relatively obscure and niche decentralized project. However, decentralized grid computing projects like Unigrid began emerging around the mid-2010s in response to growing interest in distributed infrastructures. 
  • Access Method: Users can interact with Unigrid through decentralized applications that are built on top of its infrastructure. 
  • Key Features: Decentralized, peer-to-peer, secure, censorship-resistant.  

Mysterium 

Mysterium is a decentralized VPN and proxy service that allows users to securely access the internet while maintaining privacy. The Mysterium network is built using blockchain technology and is powered by a global network of nodes. Users can choose to either be consumers of VPN services or providers. 

  • Creation Date: 2017  
  • Created By: The Mysterium Network was founded in 2017 by a group of developers and entrepreneurs who wanted to create a future where users could access information freely.
  • Access Method: Users can download the Mysterium VPN app and select from a range of available nodes in the network to securely browse the web. 
  • Key Features: Decentralized VPN, privacy, blockchain-based, secure internet access. 

Many different dark webs exist. They were primarily created to allow users to access the internet anonymously, to protect privacy and defeat censorship, and to ensure that there are decentralized networks that are not controlled by one organization.

However, these features mean that these networks are also attractive to criminal users. Although each is used to a different degree, they are all used in a similar way to conduct similar activities. However, as law enforcement becomes more successful at taking down sites hosted on TOR, it is likely that criminals will move to other networks and other means of communication to conduct their criminal activity.



Threat Intelligence RoundUp: January

February 03, 2025

Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics – The Hacker News

2. DOJ Indicts Three Russian Nationals for Involvement in Cryptocurrency Mixing Services – The Hacker News

In a January 10, 2025, press release, the U.S. Department of Justice announced the indictment of three Russian nationals for their role in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Two of the three—Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik—were arrested in December 2024 during an international operation involving the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the Federal Bureau of Investigation (FBI). The third defendant—Anton Vyachlavovich Tarasov—is still at large. Article here.

The Lazarus Group, a North Korean state-backed cyber threat actor, was found to have targeted at least two employees at an unnamed “nuclear-related” organization. The attacks occurred in January 2024 and, according to BleepingComputer, involved the deployment of a new backdoor dubbed “CookiePlus.” The attacks were part of the ongoing cyber espionage campaign “Operation Dream Job.” Read more here.

On January 21, U.S. President Donald Trump pardoned Ross Ulbricht, the founder and operator of the notorious dark web marketplace “Silk Road.” As noted by the Department of Homeland Security (DHS), Ulbricht “deliberately operated Silk Road as an online criminal marketplace intended to enable its users to buy and sell drugs and other illegal goods and services anonymously and outside the reach of law enforcement.” The website was ultimately shut down by law enforcement in October 2013, nearly three years after its founding by Ulbricht in January 2011. The founder was convicted of seven offences, including distributing narcotics, engaging in a continuing criminal enterprise, and conspiring to commit money laundering. Read here.

5. Star Blizzard hackers abuse WhatsApp to target high-value diplomats – Bleeping Computer

In a January 16 report, Microsoft Threat Intelligence detailed a new phishing campaign orchestrated by the Russian threat actor Star Blizzard. According to the report, the campaign occurred in November 2024 and targeted individuals in “government, diplomacy, defense policy, international relations, and Ukraine aid organizations.” The newly observed spear-phishing campaign functioned by sending emails impersonating U.S. government officials and claiming to share invitations to join a WhatsApp group pertaining to non-governmental initiatives to support Ukraine. If replied to, the threat actor would follow up with a second email containing a malicious link. Learn more.

6. Chinese hackers targeted sanctions office in Treasury attack – Bleeping Computer

The Chinese state-backed threat actor Silk Typhoon has been linked to a string of attacks against several U.S. Department of the Treasury offices. In December, Chinese hackers gained access to the Treasury’s Office of Foreign Assets Control (OFAC), Committee on Foreign Investment in the US (CFIUS), and Office of Financial Research. The breaches were part of Silk Typhoon’s incursion into the Treasury Department’s unclassified system. Hackers gained access by breaching a BeyondTrust remote management service. The full impact of the Office of Financial Research hack is still being assessed. Read full article.

7. US charges Russian-Israeli as suspected LockBit ransomware coder – Bleeping Computer

In a December 20, 2024, press release, the U.S. Department of Justice (DOJ) announced it had charged 51-year-old Rostislav Panev—a dual Russian and Israeli national—for his suspected role as a developer for the LockBit ransomware group. Panev was arrested in Israel in August, where he is currently awaiting extradition. LockBit, the notorious ransomware-as-a-service (RaaS) operation, first emerged in or around 2019 and was disrupted in February 2024 by an international law enforcement operation dubbed “Operation Cronos.” Read full article.

8. Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware – The Hacker News

Iranian threat actor Charming Kitten (also known as APT35, CharmingCypress, CALANQUE, Mint Sandstorm, Newscaster, ITG18, TA453, and Yellow Garuda) has been observed utilizing a new variant of BellaCiao malware in its attacks. The cybersecurity firm Kaspersky has dubbed the new C++ variant “BellaCPP.” BellaCiao malware was first observed in 2023 and has since been used in cyber attacks against organizations in the U.S., India, and the Middle East. Learn more.



Ransomware Round Up 2024

January 30, 2025

One of the biggest threats facing organizations from a cyber security perspective is ransomware. In 2024, the ransomware landscape experienced significant shifts, marked by the emergence of new threat actors, high-profile attacks, and evolving tactics. What remained consistent was the upward trend in the number of organizations that fell victim to this kind of attack.

In this blog we review the ransomware groups who were most active and the most significant ransomware attacks of 2024. 

RansomHub 

The group RansomHub first appeared in February 2024, with an announcement on the Russian forum RAMP. A user named “koley” made the announcement and invited others to join their affiliate program.  

Figure 1: Source: DarkOwl Vision

RansomHub quickly became one of the most active ransomware groups, claiming 593 victims by the end of the year. The group operates a ransomware-as-a-service (RaaS) model, targeting multiple platforms, including Windows, Linux, and ESXi.  

RansomHub’s affiliate program has been prolific, overtaking established groups such as LockBit in number of victims. Notably, RansomHub was responsible for a significant breach of the U.S. healthcare payment system in 2024.

LockBit 

Despite facing significant disruptions due to Operation Cronos in February 2024, LockBit affiliates managed to execute a substantial number of attacks, maintaining their presence in the ransomware ecosystem. Although access to their site has been spotty, the group has indicated it will launch LockBit 4.0 and has asked people to join its affiliate program.

Figure 2: Lockbit Leak site 

Play 

Active since June 2022, Play intensified its operations in 2024, with 362 claimed victims during the year. The group is known for exploiting vulnerabilities in widely used software, such as Fortinet, Citrix, and VMware’s ESXi, to gain initial access to target systems. This group continued its aggressive operations, doubling its victim count year-over-year and securing its position as one of the top three most active ransomware groups. However, unlike many other groups, it does not offer ransomware as a service.

Figure 3: Play Leak site 

Akira 

Debuting in March 2023, Akira is considered a successor to the Conti ransomware group. In 2024, Akira claimed 291 victims, continuing its aggressive targeting of various organizations. They follow the Ransomware-as-a-Service business model and practice the double-extortion technique. The adversary seems to target almost exclusively companies originating from and operating in the United States. They have also issued a directive to hit US healthcare organizations. 

Figure 4: Akira Leak site 

Change Healthcare Ransomware Attack (February 2024)  

Change Healthcare, a subsidiary of UnitedHealth Group and a major processor of U.S. medical claims, suffered a ransomware attack by the BlackCat (ALPHV) group. The breach affected the personal information of over 190 million individuals, including health insurance details, medical records, and personal identifiers. The company paid a $22 million ransom to recover the data. This attack, although not related, preceded the assassination of the company’s CEO. After the initial attack, and an exit scam by BlackCat, the company suffered a second extortion from the RansomHub group.  

CDK Global Ransomware Attack (June 2024) 

CDK Global, a key software provider for automotive dealerships, experienced a ransomware attack that disrupted operations across thousands of car dealerships in the U.S. and Canada. The company paid a $25 million ransom to the Eastern European and Russian hacker group BlackSuit to restore services.  

Blue Yonder (October 2024) 

A ransomware attack on Blue Yonder, a major software provider, disrupted operations for several companies, including Starbucks and UK grocery store Sainsbury’s. The attack affected Starbucks’ ability to manage barista schedules and track hours, necessitating manual workarounds. At the end of the year the re-emerging group CL0P also claimed to have hacked the company.

Albyn Housing Society Data Breach (August 2024) 

Albyn Housing Society, one of Scotland’s largest housing charities, was hacked by the ransomware gang RansomHub. Personal data of staff and tenants, including payroll and expenses claims, were leaked on the dark web. The attack highlighted the vulnerability of charitable organizations to cyber threats. 

Medisecure (May 2024) 

An Australian electronic prescription service provider suffered a ransomware attack leading to the theft of personal and health information of approximately 12.9 million individuals. This is the largest breach of data in Australia’s history.

December 2024 witnessed 574 ransomware attacks, the highest monthly total since monitoring began in 2021, indicating an alarming surge in activity. The year-end high in victims foreshadows the trends we expect to see in 2025, with the number of victims unlikely to decrease, despite efforts from law enforcement to shut down these groups and arrest their members.

This is due in part to the fact that groups often reemerge after law enforcement action, but also because new groups are emerging all the time. The number of active ransomware groups increased by 30% year-over-year, with 31 new groups entering the ecosystem.

In 2024, ransomware actors adopted more sophisticated methods, including the use of artificial intelligence to enhance the precision of attacks, and the emergence of hybrid ransomware combining traditional encryption with data manipulation or destructive malware.

These developments underscore the escalating complexity and frequency of ransomware threats, necessitating robust cybersecurity measures, dark web monitoring and vigilance as we move into 2025. 



Data Privacy Day: Why It Matters More Than Ever

January 28, 2025

Data Privacy Day, observed annually on January 28, is a global effort to raise awareness about the importance of data privacy and safeguarding personal information. As our lives become increasingly digital, the relevance of protecting personal data has never been more crucial. Whether you’re an individual managing your online presence or a business handling sensitive customer information, understanding data privacy is vital, as well as understanding the risks that are posed to you or your organization when your data privacy is breached.  

Data Privacy Day traces its roots to the signing of Convention 108 in 1981, the first legally binding international treaty dedicated to privacy and data protection. It began in Europe and later gained global recognition, evolving into a day for reflecting on data practices and empowering individuals and organizations to protect their information. Laws have also been created in Europe, with GDPR (General Data Protection Regulation), and in the US, such as CCPA (California Consumer Privacy Act). This means that organizations need to comply and ensure that they are protecting not only their own data, but also any data they come into contact with that may belong to others, such as customers or employees.

Preventing Identity Theft 

Personal data breaches can lead to identity theft, financial fraud, and other cybercrimes. In 2023 alone, millions of people suffered from scams due to compromised personal data. These types of attacks can be devastating and cause untold financial hardships.  

Personal Risk – Social engineering attacks 

Exposed data can be used to build a picture of an individual, which can then inform social engineering attacks that lead to further data loss and reputational damage. Furthermore, providing too much data about yourself can leave you open to physical risk, such as doxing attacks or stalking.

Building Trust in Digital Spaces 

For businesses, trust is currency. Transparent data practices help companies build customer loyalty and comply with regulations like GDPR and CCPA. 

Enabling Informed Choices 

When individuals understand how their data is collected, stored, and used, they can make informed decisions about the digital platforms they engage with. Arguably social media companies and advertising agencies hold more data on us than governments. It is important to know how our data is collected, stored and used by these organizations.   

Protecting Personal Freedom 

Data privacy is not just about securing information; it’s about preserving freedom. Unauthorized data collection and surveillance can infringe on fundamental human rights, such as freedom of expression and association. 

Educate Yourself 

Take time to learn about your rights concerning data privacy. Resources from organizations like the Electronic Frontier Foundation (EFF) or the International Association of Privacy Professionals (IAPP) can be helpful. Also understand the best way to protect your data and your organization’s data.

Review Privacy Settings 

Audit your social media and device settings to ensure you’re only sharing information you’re comfortable with. You should always have strong privacy settings so that only those you want to see your data can. Also think before you post: do not post personal information online or share locations.

Enable Multi-Factor Authentication 

Strengthen your online accounts by adding extra layers of security. Using an app is better than using text messages, which can leave you open to OTP attacks. Also ensure you use a password manager so that you use a different password for each account. This way, if data for one account is compromised, it will not affect your other accounts.

Advocate for Privacy in Your Workplace 

Encourage your organization to adopt robust data protection policies and provide training for employees. And make sure you practice what you preach! 

Know what data has been exposed 

Ensure that you are aware if any of your data has been exposed and what actions you can take to prevent the data loss having an impact on you. DarkOwl will provide monitoring to alert you when your information appears in a breach. 

AI and Privacy  

As artificial intelligence becomes more integrated into daily life, concerns about how AI systems process and store data are on the rise. These systems are built on data models and therefore data is at the heart of how they work. It is not just an issue of how they store data but what data they use to train their models. There are copyright and plagiarism concerns. But in a world where our images and our voices can be used we must expand what we view as “our” data. 

Data Sovereignty  

Countries are increasingly advocating for localized data storage and processing to enhance national security and privacy. Concerns arise when data is held in countries that do not have strong privacy laws, and about how that data might be used.

Biometric Data Protection 

With technologies like facial recognition and fingerprint scanning becoming common, safeguarding biometric data is becoming a top priority. 

Data Privacy Day is a reminder that protecting our personal information is a shared responsibility. As individuals, we need to stay vigilant about our online presence, and as a society, we must demand accountability and transparency from governments and corporations. Together, we can create a safer digital world where privacy is respected, and trust is earned. 

This Data Privacy Day, take a moment to reflect on your digital habits and make a commitment to safeguarding your privacy—and that of others. After all, in an era where data is the new oil, protecting it is protecting ourselves. 



Piracy and Streaming on the Dark Web: An Insight into the Shadowy World of Digital Entertainment

January 23, 2025

In an era dominated by subscription-based streaming platforms, the dark web has emerged as a hidden refuge for those seeking free access to premium content. Movies, TV shows, music, and even live sports are pirated and streamed illegally, with stolen accounts for streaming services often being sold, creating a shadow market that poses significant challenges to content creators, distributors, and law enforcement alike.

Several activities take place on the dark web that allow users to illegally obtain access to TV shows, music and movies. These range from directly accessing the content on the dark web to using it to buy and sell access.

File Sharing: Users upload and download copyrighted materials, bypassing paywalls and subscription fees. 

Figure 1: Examples of file sharing sites; Source: DarkOwl Vision

Live Streaming: Dark web platforms stream live sports events, concerts, and shows for free, often embedding malicious ads to profit from viewers. 

Figure 2: Streaming examples; Source: DarkOwl Vision

Subscription Bypassing: Some dark web sites distribute cracked versions of popular streaming services, granting unauthorized access to premium content. 

Figure 3: Available streaming services; Source: DarkOwl Vision

These activities thrive on anonymity and low costs. Many pirated content hubs are funded through cryptocurrency donations or ad revenue, allowing them to remain operational even as authorities try to shut them down. 

Account Hijacking: Accounts for streaming services can also be obtained through stealer log data, allowing hackers to use a legitimate account without having to pay.

Figure 4: Stealer log data including streaming services; Source: DarkOwl Vision

Forums and tools: The dark web is also a place where users can discuss their illicit activities, with forums being used to discuss piracy and “free” streaming, along with tips for how to do this or access channels.

Figure 5: Streaming Forum; Source: DarkOwl Vision

Tools are also shared to assist users.  

Figure 6: Piracy Tools; Source: DarkOwl Vision

There are many reasons why individuals may seek to use the dark web to stream content or view pirated materials. The most common reason is cost. Illicit users can access this content for free instead of having to pay for the service. With an increasing number of streaming platforms, the cost of subscribing to all of them becomes prohibitive. The dark web offers free access, albeit illegally.

Some people may also use the dark web to bypass locational controls that they may come across. Certain shows or movies may not be available in specific regions due to licensing restrictions, driving users to pirated sources.  

As with all activities on the dark web, using the dark web for streaming allows users to engage in illegal activities without exposing their identities, reducing the perceived risk. They may therefore feel more comfortable accessing illicit accounts on the dark web rather than surface web sites that also offer access to pirated materials.  

While the allure of free content is strong, accessing pirated material on the dark web comes with significant risks. It is illegal and is not condoned in any way by DarkOwl. Downloading or streaming copyrighted material is illegal and can lead to hefty fines or legal action.

However, there are other reasons why it is not advisable to access streaming services or pirated materials from the dark web. Many dark web streaming sites are laden with malware, phishing links, and ransomware, which leaves the user open to attacks and to their own data being stolen. If done using corporate networks, this could have much more dire consequences.

Furthermore, users often inadvertently support criminal enterprises, including human trafficking and drug trade, by engaging with dark web piracy networks. 

The financial impact of piracy is staggering. According to a 2021 study by the U.S. Chamber of Commerce, global online piracy costs the U.S. economy over $29 billion annually. This loss not only affects studios and streaming services but also impacts jobs and revenue for creatives across the industry. 

Furthermore, piracy undermines the incentive for creators to produce new content. If creators can’t monetize their work effectively, the diversity and quality of entertainment options could diminish. 

Therefore, it is imperative that media providers monitor the dark web in order to identify what practices are being used and which actors are active in this area, and to understand what people are accessing, so that disruptive action can be taken.

The dark web’s role in piracy and illegal streaming highlights the complex interplay between technology, consumer behavior, and the law. While it might be tempting to seek free content through illicit means, the risks and repercussions far outweigh the benefits. By prioritizing ethical consumption and supporting fair compensation for creators, we can ensure a thriving and sustainable entertainment industry for years to come. 



Shadows in the Spotlight: Dark Web Threats Surrounding the Inauguration

January 20, 2025

Every 4 years on 20 January, a new president is sworn in during the Inauguration. On 20 January 2025, Donald Trump will be sworn in as the 47th president (as well as the 45th) of the United States of America. After an often controversial election cycle, this event is more polarizing than usual.  

During the election campaign Trump was a victim of an assassination attempt, which led to the death of one of his supporters. More recently the CEO of United Healthcare was gunned down on a Manhattan street, reportedly by an individual with grievances against the US health insurance system.  

These two events highlight the importance of security for publicly visible individuals. This includes monitoring the dark web and dark web adjacent sites to identify if any threats are being made to individuals or groups and to identify if any events are being planned. This is particularly important around an event as high profile as the inauguration. We therefore explore the discussions that are being held on the dark web relating to the inauguration.  

The majority of chatter relating to the inauguration that DarkOwl analysts have observed has taken place on Telegram. Although no direct threats were identified by DarkOwl analysts, a lot of discussion was identified relating to the event, with theories about why certain actions are being taken and whether anything would happen on the day. A number of the posts seem to be related to conspiracy theories.

One post identified suggested that individuals who have a fear of being arrested will not come to the inauguration. It is not clear why the poster believes this: whether they think that something will occur at the event that would lead to arrests, or that arrests would happen for another reason.

Another post ponders if arrests will be seen and suggests that the event may be some kind of “trap”:

Other posts suggest that local law enforcement agencies are unwilling to help protect the security of the inauguration, although no evidence is provided for why they believe this.

Other posts mention President Biden’s “farewell” speech, claiming that it is fake, as well as sharing the reporting that the inauguration will be moved inside.

While it has been widely reported that the inauguration event is being moved indoors due to cold weather, many commentators on Telegram have suggested that there are other, more serious security reasons for this move.

In the below post, the poster suggests that the event is being moved inside due to the previous assassination attempt against President Trump. 

Other posts suggest that there are other threats against the event which led to the change in venue, with one individual suggesting that there will be a bomb attack. This is based on a “vision” the individual had and does not appear to be based on any credible evidence.

Others suggest that the move is not linked to the weather but don’t suggest what the alternate reason for the move might be.  

Others are taking advantage of the inauguration event to publicize new cryptocurrency coins “Trump Bitcoin.” Many in the cryptocurrency community have been very supportive of Trump and his financial policies in relation to regulation and taxation of cryptocurrency. Many are using his return to the presidency to promote their activities.  

DarkOwl also monitors a number of messaging app channels which are used by individuals associated with Islamic terrorism. While we did not identify any specific threats against the inauguration, the below image includes Trump and describes the reaction to his re-election.

The majority of chatter DarkOwl analysts observed on the dark web relating to the inauguration appeared to be related to conspiracy theories, especially related to the recent change of venue. While no specific threats were identified there was discussion about the possibility of arrests or some violence occurring and discussions that it may not be well secured.  

As this marks the beginning of Trump’s second presidency, it is likely that this kind of rhetoric will continue.  



Q4 2024: Product Updates and Highlights

January 16, 2025

Read on for highlights from DarkOwl’s Product Team for Q4 that wrapped up 2024, including new exciting product features.

Cases and Case Sharing

The team is thrilled to announce that one of our most requested features from clients went live this quarter. Cases are a way to organize projects and work collaboratively in DarkOwl Vision UI. They can help keep track of a specific topic or assignment, including all related alerts, saved searches, and search blocks. The main Case Overview page will give you summary information about the work you’ve added and your Case Alerts. Additionally, it will display events related to the Case in the Activity section. 

Teaming

You can set up an individual Case or invite other users or teams in your organization to work on a Case together. Vision UI now supports organization roles and team management, granting administrators the ability to group their users into teams. Teams can manage Cases together, to work together on keyword lists, share searches, and jointly manage a shared set of Alerts. 

Stealer Log Features + Find All Files from a Machine 

The team made our Stealer Log content more visible and useful, including tagging results with Stealer Log to quickly identify their source. You can use a new “See files from this machine” workflow from a search result to find other results taken from the same machine. Finally, new filters allow you to easily search within results from Stealer Logs, or exclude them from your result set. 

Site Classification on Search Results 

In addition to labeling Stealer Logs, we have expanded our source site classification tagging to include seven additional classifications, including: blogs, data sharing, directory, file repository, news, search engines, and social media. These are displayed on search results to help identify the content available from the source domain. 

DarkOwl Vision Knowledge Base  

In addition to product features, we have expanded our help documentation and support materials. This quarter, we launched an easy-to-search, article-style Knowledge Base that includes expanded documentation. Now it’s easier than ever to find answers to common FAQs and step-by-step help. 

Highlights

This quarter was another one of growth in data collection. Notably, we had a significant increase in total emails and unique emails this quarter due to several leaks that contained a large amount of email addresses.

The team had 9.5% growth in email addresses, 10.9% growth in credit card numbers, 22% increase in total collected ZeroNet documents, a 12% growth in total collected Tor documents, 26% increase in paste documents, and another 19% growth in total collected records from Telegram – just to highlight a few. 

When your search results are from data leaks, you can review additional information curated by DarkOwl analysts, giving you enrichment on the data leak. The descriptions below are all available in our Leak Context product feature.

BBVA BANK

Data purported to be from BBVA Bank was posted on BreachForums, a hacking forum, on November 11, 2024. According to the post, this breach was due to a vulnerability in the BBVA Bank of Peru. Data exposed includes full names, DNI numbers, and transaction details such as vendor names, locations and discounts applied. 

USA California Secretary of State

Data purported to be from California Secretary of State was posted on BreachForums, a hacking forum, on October 18, 2024. According to the post, the leak consists of various .csv files containing PII on businesses and individuals. Data exposed includes user identification number (UID), full names, physical addresses, company names, and associated details and government documents.

Crowdera

Data purported to be from Crowdera was posted on BreachForums, a hacking forum, on December 3, 2024. According to the post, in November 2024, Crowdera experienced a data breach exposing 80,095 users. Data exposed includes user identification numbers (UID), full names, dates of birth, phone numbers, physical addresses, PAN card numbers, Aadhaar numbers, and email addresses.

pureincubation.com

Data purported to be from Pure Incubation was posted on BreachForums, a hacking forum, on August 15, 2024. According to the post, this leak is from February 28, 2024 and claims to contain 132.8 million records. Data exposed includes names, physical addresses, email addresses, company names, and phone numbers.



Major Threats and Trends to Look Out for in 2025

January 14, 2025

As we move into 2025, the ever-shifting landscape of cybercrime continues to evolve, with the darknet remaining a significant hub for illicit activities. From emerging technologies to shifting criminal tactics, understanding these trends is critical for cybersecurity professionals, law enforcement agencies, and the general public alike. Drawing on industry expertise, this post identifies seven major threats and trends expected to shape the darknet in the coming year. 

Artificial intelligence (AI) is set to play an increasingly prominent role in cybercrime. Criminals are leveraging AI technologies to automate attacks, analyze vast amounts of data, and create more sophisticated phishing schemes. According to a 2023 report from the cybersecurity firm Cybersecurity Ventures, cybercrime costs are projected to reach $10.5 trillion annually by 2025, with AI-driven attacks contributing significantly to this figure. 

AI algorithms can craft convincing phishing emails and even generate deepfake content that can be used to impersonate individuals, making it harder for victims to detect fraud. As AI tools become more accessible, even amateur criminals can execute complex attacks, making the darknet a breeding ground for AI-driven illicit activities. 

Cryptocurrency has long been the payment method of choice on the darknet, and this trend is expected to continue. However, as more legitimate businesses adopt cryptocurrencies, criminal enterprises will likely turn to new forms of digital currency that offer enhanced anonymity, such as Monero and Zcash. A report by Chainalysis indicated that more than 40% of cryptocurrency transactions on the darknet involve privacy coins, highlighting their growing popularity among criminals. 

In 2025, we may also see the emergence of decentralized finance (DeFi) platforms specifically tailored for darknet markets, providing criminals with new avenues for laundering money and conducting transactions anonymously. As regulatory scrutiny increases on mainstream cryptocurrencies, criminals will adapt and find ways to utilize less traceable options. 

Social engineering remains a significant threat in the cyber landscape, and we expect to see more sophisticated tactics in 2025. Criminals will increasingly exploit psychological manipulation to deceive victims, using advanced techniques that involve personalized and context-aware phishing schemes. 

For example, threat actors may employ AI tools to gather information about individuals from social media and other online sources, crafting highly targeted attacks that are harder to detect. According to the FBI’s Internet Crime Complaint Center (IC3), losses from social engineering scams reached over $2.4 billion in 2022, and this figure is expected to rise as attackers refine their methods. 

Ransomware attacks have surged in recent years, and the RaaS model is becoming increasingly popular on the darknet. This model allows even low-skilled cybercriminals to launch ransomware attacks by purchasing or renting malware from experienced developers. A report from the Cybersecurity and Infrastructure Security Agency (CISA) indicates that ransomware attacks have increased by 150% since 2020. 

In 2025, we can anticipate a further proliferation of RaaS offerings, complete with customer support and user-friendly interfaces, making it accessible to a broader range of criminals. This trend could lead to more frequent and severe ransomware attacks, impacting businesses, governments, and individuals alike. 

As the Internet of Things (IoT) continues to expand, so do the opportunities for cybercriminals. The increasing number of connected devices creates a larger attack surface, and many IoT devices are inadequately secured. According to a report by the International Telecommunication Union (ITU), IoT vulnerabilities are expected to triple by 2025. 

Darknet markets will likely see a rise in the sale of exploits targeting IoT devices, including smart home systems and industrial IoT applications. Cybercriminals may leverage these vulnerabilities to launch attacks, steal personal data, or create botnets for distributed denial-of-service (DDoS) attacks. 

The future of darknet markets may involve a shift towards decentralized platforms that utilize blockchain technology. These markets could offer enhanced privacy and security features, making them more resistant to law enforcement actions. According to a study by the University of Southern California, decentralized marketplaces could become a preferred choice for criminals seeking anonymity. 

In 2025, we may witness the rise of decentralized dark web marketplaces that operate on peer-to-peer networks, allowing users to trade goods and services without relying on centralized servers. This shift could complicate law enforcement efforts and make it more challenging to track illicit activities. 

As the threats associated with the darknet continue to evolve, so too will the efforts of law enforcement agencies. In 2025, we can expect increased collaboration among international law enforcement agencies to combat cybercrime. Initiatives like the Europol’s European Cybercrime Centre (EC3) and Interpol’s Cybercrime Directorate are likely to expand their reach, focusing on dismantling organized crime groups operating on the darknet. 

Moreover, advancements in forensic technologies will enhance law enforcement’s ability to trace illicit activities, even within decentralized environments. This ongoing battle between criminals and law enforcement will shape the future of darknet activities. 

The darknet will remain a hotbed for illicit activities as we approach 2025, driven by technological advancements and evolving criminal tactics. Understanding these emerging threats is essential for anyone navigating the digital landscape, from cybersecurity professionals to everyday users. Staying informed and proactive is crucial in combating the ongoing challenges posed by the darknet and ensuring a safer online environment. 



2024 Security Threats in Review 

January 09, 2025

As we look back at 2024, the cybersecurity landscape has become ever more complicated and perilous. Last year brought a continual onslaught of cyberattacks from increasingly sophisticated adversaries and a keep-up-if-you-can rush to deal with newly emerging vulnerabilities. It’s clear that no sector is immune from cyber threats.

From AI-driven scams to the breaches of critical infrastructure, the past year has once more shown that we are all part of the same cyber history. In some of these big incidents, there are dark lessons to learn for 2025. 

Ransomware was still one of the most widespread and harmful cyber threats in 2024, with cybercriminals going after organizations in all sectors regardless of size. They used ransomware to extort money, take selected operations hostage, and sometimes demand ridiculously high payments. However, the most significant incident of the year was not one of these smaller hits but rather a direct assault on Change Healthcare, a major provider of healthcare IT solutions. When they finished with the ransomware part of the job (which is what criminals often do), the cyber attackers stole lots of sensitive medical data. 

Just recently in December, Krispy Kreme experienced a major ransomware attack. It brought online ordering to an abrupt stop in several U.S. regions. Just as a new segment of society was embracing cozy conditions for in-store holiday shopping and ordering sweet treats from the drive-thru, the company hit the brakes on certain critical online ordering operations until it could bring them back up safely. 

Ransomware has been the predominant cybercrime story for the past few years. But it is increasingly overshadowed by another tale: AI-driven cyberattacks.

AI-driven cyberattacks are quickly emerging as the next big frontier in “what hackers are up to.” For instance, deepfake technology advanced to such a level that it began to cause unease. Videos and audio with the voices of top executives created by AI convincingly tricked organizations into making unauthorized transactions, and the resultant data breaches were some of the biggest in recent history. Meanwhile, malware powered by similarly advanced AI posed a new challenge, as threat actors now had a polymorphic, or constantly changing, set of programs to use against us. These incidents have brought organizations to the point where implementing AI-based defensive tools and training among employees is inevitable in identifying these advanced scams and phishing attempts. This year has shown that to counter AI-enabled threats, the defenders will also have to tap into the power of AI themselves. 

New trends in targeting key infrastructure were front and center to demonstrate what many consider worrisome developments for 2024: the exploitation of security holes by nation-state actors and cybercriminals, half a world away and right here in the U.S., with potentially disastrous consequences for national security and public safety. In September, the Chinese-linked “Salt Typhoon” went after top U.S. telecom companies, like AT&T and Verizon, to compromise systems used in judicial wiretapping, a thoroughly alarming breach of national security. The health sector has suffered greatly, with ransomware assaults on hospitals disrupting patient care and cybercriminals targeting what has been described as “fragile medical systems.” These breaches have raised the alarm about the urgent need for a public-private partnership in “hardening” critical infrastructure. Regular penetration testing, detailed incident response planning, and coordination between governments and private organizations are needed to meet any other future risks.

Meanwhile, as organizations continue to move more into the Cloud, two trouble spots have emerged: misconfiguration and defective APIs. The significant breaches brought attention to the dangers of adopting the Cloud, especially in places with little oversight.  

Snowflake, among the most popular cloud providers, was involved in one of the year’s largest incidents. The hackers accessed customer accounts using stolen credentials, compromising companies like Advance Auto Parts and LendingTree. This breach exposed weaknesses in credential management and underlined the need for stricter security controls. The increased adoption of multi-cloud strategies further complicated the security landscape. Organizations needed help maintaining visibility across platforms, creating gaps that attackers exploited to access sensitive data. These challenges highlighted the need for robust monitoring tools, encrypted storage, and access controls to safeguard cloud environments.

Supply chain vulnerabilities continued to be one of the major problems for organizations in 2024 because attackers had been leveraging relationships with third-party suppliers and vendors to gain access. The consequences of such an attack trickled across industries, underlining how modern cybersecurity risks are interconnected. 

Early in the year, a ransomware attack knocked services offline and spilled sensitive medical data on millions of patients at Change Healthcare. Attackers also targeted open-source software, embedding malicious code in popular libraries and spreading their reach to innumerable organizations. These incidents have brought out the dire need for stringent vendor assessment, constant monitoring of third-party systems, and an incident response mechanism implemented quickly. Supply chains have become high priorities to protect as attackers increasingly make them a key entry point. 

The number and complexity of cyberattacks are rising, but the cybersecurity workforce is not growing fast enough to keep pace. With a talent shortage further stretched by high-stress levels and even burnout among cybersecurity professionals, organizations of all sizes are more exposed than ever to the myriad threats that come at them daily. And the most defenseless ones are often the same smaller and medium-sized businesses that have the fewest resources to help compete for the top people in the cybersecurity field. 

Numerous firms have embraced automation and shifted to managed security services to counter the shortage of cybersecurity professionals, although the software issues created by CrowdStrike highlight the risks that such a dependence can carry. However, alleviating the talent crisis will require more than those stopgap measures. It will take a variety of things: investments in education, training programs, and workforce development, and, equally, attention and action regarding mental health and the promotion of a better work-life balance in cybersecurity professions.

The past year has been a harsh reminder of how far we still must go in the fight against cyber threats. Ransomware once again proved to be a relentless force, hitting businesses across every industry. High-profile incidents at Change Healthcare and Krispy Kreme exposed the weaknesses of outdated systems and the devastating impact of operational disruptions. 

Artificial intelligence brought a new dimension to cybersecurity as a weapon and a shield. Attackers used AI to create deepfake scams and more advanced malware, while defenders scrambled to adapt, integrating AI tools and training employees to recognize new types of attacks. The race to stay ahead of AI-driven threats will define the battles of 2025. 

Critical infrastructure breaches were among the year’s most alarming developments. Nation-state actors targeted telecommunications and healthcare systems, exposing vulnerabilities and jeopardizing public safety and national security. These events reinforced the need for stronger partnerships between governments and private companies to protect essential systems. 

Cloud security remained a persistent weak point. Misconfigurations and credential mishandling led to breaches like the Snowflake incident, affecting companies like LendingTree. As organizations expand into multi-cloud environments, they must focus on better oversight, stronger controls, and improved employee training. 

Supply chain attacks highlighted another growing danger. Attackers exploited third-party relationships to breach countless organizations. These incidents served as a warning: companies need stricter vendor assessments and constant monitoring of external systems to protect their own. 

Amid these challenges, the cybersecurity workforce faced a worsening talent crisis. Many teams were overburdened, understaffed, and unable to keep pace with the volume and complexity of threats. Addressing this gap will require investments in education, workforce training, and improving the quality of life for cybersecurity professionals. 

2024 made one thing clear: our cyber threats are evolving faster than ever. Ransomware continues to dominate. AI has become both a powerful ally and a dangerous adversary. Our critical infrastructure, cloud environments, and supply chains remain vulnerable. And the workforce tasked with defending against these threats is stretched thin.


As we move into 2025, the question isn’t whether your organization will face an attack; it’s whether you’ll be ready for it. The time to act is now.
