January 28, 2025

Data Privacy Day, observed annually on January 28, is a global effort to raise awareness about the importance of data privacy and safeguarding personal information. As our lives become increasingly digital, the relevance of protecting personal data has never been more crucial. Whether you’re an individual managing your online presence or a business handling sensitive customer information, understanding data privacy is vital, as well as understanding the risks that are posed to you or your organization when your data privacy is breached.  

The History Behind Data Privacy Day 

Data Privacy Day traces its roots to the signing of Convention 108 in 1981, the first legally binding international treaty dedicated to privacy and data protection. It began in Europe and later gained global recognition, evolving into a day for reflecting on data practices and empowering individuals and organizations to protect their information. Laws have also been created in both Europe, with GDPR, (General Data Protection Regulation) and in the US such as CCPA (California Consumer Privacy Act)., which means that organizations need to comply and ensure that they are not only protecting their own data, but any data they come into contact with which may belong to others such as customers or employees.  

Why Data Privacy Matters 

Preventing Identity Theft 

Personal data breaches can lead to identity theft, financial fraud, and other cybercrimes. In 2023 alone, millions of people suffered from scams due to compromised personal data. These types of attacks can be devastating and cause untold financial hardships.  

Personal Risk – Social engineering attacks 

Exposed data can be used to build a picture of an individual which can then be used to inform social engineering attacks which can lead to further data loss and reputational damage. Furthermore, providing too much data about yourself can leave you open to physical risk, such as doxing attacks or stalking. 

Building Trust in Digital Spaces 

For businesses, trust is currency. Transparent data practices help companies build customer loyalty and comply with regulations like GDPR and CCPA. 

Enabling Informed Choices 

When individuals understand how their data is collected, stored, and used, they can make informed decisions about the digital platforms they engage with. Arguably social media companies and advertising agencies hold more data on us than governments. It is important to know how our data is collected, stored and used by these organizations.   

Protecting Personal Freedom 

Data privacy is not just about securing information; it’s about preserving freedom. Unauthorized data collection and surveillance can infringe on fundamental human rights, such as freedom of expression and association. 

How to Observe Data Privacy Day 

Educate Yourself 

Take time to learn about your rights concerning data privacy. Resources from organizations like the Electronic Frontier Foundation (EFF) or the International Association of Privacy Professionals (IAPP) can be helpful. Also understand the best way to protect your data and your organizations data.  

Review Privacy Settings 

Audit your social media and device settings to ensure you’re only sharing information you’re comfortable with. You should always have strong privacy settings so only those you want to see your data can. Also think before you post, do not post personal information online or share locations. 

Enable Multi-Factor Authentication 

Strengthen your online accounts by adding extra layers of security. Using an app is better than using text messages which can leave you open to OTP attacks. Also ensure you use a password manager so that you use a different password for each account. This way if data for one account is compromised it will not affect your other accounts.  

Advocate for Privacy in Your Workplace 

Encourage your organization to adopt robust data protection policies and provide training for employees. And make sure you practice what you preach! 

Know what data has been exposed 

Ensure that you are aware if any of your data has been exposed and what actions you can take to prevent the data loss having an impact on you. DarkOwl will provide monitoring to alert you when your information appears in a breach. 

Emerging Trends in Data Privacy 

AI and Privacy  

As artificial intelligence becomes more integrated into daily life, concerns about how AI systems process and store data are on the rise. These systems are built on data models and therefore data is at the heart of how they work. It is not just an issue of how they store data but what data they use to train their models. There are copyright and plagiarism concerns. But in a world where our images and our voices can be used we must expand what we view as “our” data. 

Data Sovereignty  

Countries are increasingly advocating for localized data storage and processing to enhance national security and privacy. Concerns are raised when data is held in countries which do not have strong privacy laws and how that data might be used  

Biometric Data Protection 

With technologies like facial recognition and fingerprint scanning becoming common, safeguarding biometric data is becoming a top priority. 

Conclusion 

Data Privacy Day is a reminder that protecting our personal information is a shared responsibility. As individuals, we need to stay vigilant about our online presence, and as a society, we must demand accountability and transparency from governments and corporations. Together, we can create a safer digital world where privacy is respected, and trust is earned. 

This Data Privacy Day, take a moment to reflect on your digital habits and make a commitment to safeguarding your privacy—and that of others. After all, in an era where data is the new oil, protecting it is protecting ourselves. 

---

Don’t miss anything from DarkOwl. Follow us on LinkedIn.

January 23, 2025

In an era dominated by subscription-based streaming platforms, the dark web has emerged as a hidden refuge for those seeking free access to premium content. Movies, TV shows, music, and even live sports are pirated and streamed illegally, with stolen accounts for streaming services often being sold. Thus creating a shadow market that poses significant challenges to content creators, distributors, and law enforcement alike. 

How Piracy Operates on the Dark Web

There are several activities which take place on the dark web which allow users to illegally obtain access to TV Shows, music and movies. This can range from directly accessing the content from the dark web, or using it to buy and sell access.  

File Sharing: Users upload and download copyrighted materials, bypassing paywalls and subscription fees. 

Figure 1: Examples of file sharing sites; Source: DarkOwl Vision

Live Streaming: Dark web platforms stream live sports events, concerts, and shows for free, often embedding malicious ads to profit from viewers. 

Figure 2: Streaming examples; Source: DarkOwl Vision

Subscription Bypassing: Some dark web sites distribute cracked versions of popular streaming services, granting unauthorized access to premium content. 

Figure 3: Available streaming services; Source: DarkOwl Vision

These activities thrive on anonymity and low costs. Many pirated content hubs are funded through cryptocurrency donations or ad revenue, allowing them to remain operational even as authorities try to shut them down. 

Accounts Hijacking: Accounts for streaming accounts can also be obtained through stealer log data, allowing hackers to use a legitimate account without having to pay.  

Figure 4: Stealer log data including streaming services; Source: DarkOwl Vision

Forums and tools: The dark web is also a place where users can discuss their illicit activities. With forums being used to discuss piracy and “free” streaming and tips for how to do this or access channels.  

Figure 5: Streaming Forum; Source: DarkOwl Vision

Tools are also shared to assist users.  

Figure 6: Piracy Tools; Source: DarkOwl Vision

Why Do People Turn to the Dark Web for Streaming? 

There are many reasons why individuals may seek to use the Dark web to stream content or view pirated materials. The most common reason is cost. Illicit users can access this information for free instead of having to pay for the service. With an increasing number of streaming platforms, the cost of subscribing to all of them becomes prohibitive. The dark web offers free access, albeit illegally. 

Some people may also use the dark web to bypass locational controls that they may come across. Certain shows or movies may not be available in specific regions due to licensing restrictions, driving users to pirated sources.  

As with all activities on the dark web, using the dark web for streaming allows users to engage in illegal activities without exposing their identities, reducing the perceived risk. They may therefore feel more comfortable accessing illicit accounts on the dark web rather than surface web sites that also offer access to pirated materials.  

Risks of Piracy on the Dark Web 

While the allure of free content is strong, accessing pirated material on the dark web comes with significant risks. It is illegal and is not condoned in anyway by DarkOwl. Downloading or streaming copyrighted material is illegal and can lead to hefty fines or legal action.  

However there are other reasons why it is not advisable to access streaming services or pirated materials from the darkweb. Many dark web streaming sites are laden with malware, phishing links, and ransomware. Which leaves the user open to attacks and their own data being stolen. If done using corporate networks this could have much. More dire consequences. 

Furthermore, users often inadvertently support criminal enterprises, including human trafficking and drug trade, by engaging with dark web piracy networks. 

The Impact on the Entertainment Industry 

The financial impact of piracy is staggering. According to a 2021 study by the U.S. Chamber of Commerce, global online piracy costs the U.S. economy over $29 billion annually. This loss not only affects studios and streaming services but also impacts jobs and revenue for creatives across the industry. 

Furthermore, piracy undermines the incentive for creators to produce new content. If creators can’t monetize their work effectively, the diversity and quality of entertainment options could diminish. 

Therefore it is imperative that media providers monitor the dark web in order to identify what practices are being used, which actors are active in this area, so disruptive action can be taken and understand what people are accessing.  

Conclusion 

The dark web’s role in piracy and illegal streaming highlights the complex interplay between technology, consumer behavior, and the law. While it might be tempting to seek free content through illicit means, the risks and repercussions far outweigh the benefits. By prioritizing ethical consumption and supporting fair compensation for creators, we can ensure a thriving and sustainable entertainment industry for years to come. 

---

Curious how DarkOwl can help your organization? Contact us!

January 20, 2025

Every 4 years on 20 January, a new president is sworn in during the Inauguration. On 20 January 2025, Donald Trump will be sworn in as the 47^th president (as well as the 45^th) of the United States of America. After an often controversial election cycle, this event is more polarizing than usual.  

During the election campaign Trump was a victim of an assassination attempt, which led to the death of one of his supporters. More recently the CEO of United Healthcare was gunned down on a Manhattan street, reportedly by an individual with grievances against the US health insurance system.  

These two events highlight the importance of security for publicly visible individuals. This includes monitoring the dark web and dark web adjacent sites to identify if any threats are being made to individuals or groups and to identify if any events are being planned. This is particularly important around an event as high profile as the inauguration. We therefore explore the discussions that are being held on the dark web relating to the inauguration.  

Discussions of the Inauguration

The majority of chatter relating to the inauguration that DarkOwl analysts have observed has taken place on Telegram. Although no direct threats were identified by DarkOwl analysts, a lot of discussion was identified relating to the event. With theories about why certain actions are being taken and if anything would happen on the day. A number of the posts seem to be related to conspiracy theories.  

One post identified suggested that individuals who have a fear of being arrested will not come to the inauguration. It is not clear why the poster believes this, if they think that an event will occur at the event that would lead to arrests or that arrests would happen for another reason.  

Another post ponders if arrests will be seen and suggests that the event may be some kind of “trap”:

While other posts suggest that local law enforcement agencies are unwilling to help protect the security of the inauguration. Although no evidence is provided for why they believe this.  

Other posts mention President Biden’s “farewell” speech claiming that it is fake as well as sharing the reporting that the inauguration will be moved inside.  

While it has been widely reported that the inauguration event is being moved indoors to cold weather, many commentators on Telegram have suggested that there are other more serious security reasons for this move. 

In the below post, the poster suggests that the event is being moved inside due to the previous assassination attempt against President Trump. 

While other posts suggest that there are other threats against the event which led to the change in venue. Suggesting that an individual believes there will be a bomb attack. This is based on a “vision” the individual had and does not appear to be based on any credible evidence.  

Others suggest that the move is not linked to the weather but don’t suggest what the alternate reason for the move might be.  

Others are taking advantage of the inauguration event to publicize new cryptocurrency coins “Trump Bitcoin.” Many in the cryptocurrency community have been very supportive of Trump and his financial policies in relation to regulation and taxation of cryptocurrency. Many are using his return to the presidency to promote their activities.  

DarkOwl also monitor a number of messaging app channels which are used by individuals associated with Islamic terrorism. While we did not identify any specific threats against the inauguration, the below images includes Trump and describes the reaction to his re-election.  

Conclusion 

The majority of chatter DarkOwl analysts observed on the dark web relating to the inauguration appeared to be related to conspiracy theories, especially related to the recent change of venue. While no specific threats were identified there was discussion about the possibility of arrests or some violence occurring and discussions that it may not be well secured.  

As this marks the beginning of Trump’s second presidency, it is likely that this kind of rhetoric will continue.  

---

Stay up to date with the latest from DarkOwl. Follow us on LinkedIn.

January 14, 2025

As we move into 2025, the ever-shifting landscape of cybercrime continues to evolve, with the darknet remaining a significant hub for illicit activities. From emerging technologies to shifting criminal tactics, understanding these trends is critical for cybersecurity professionals, law enforcement agencies, and the general public alike. Drawing on industry expertise, this post identifies seven major threats and trends expected to shape the darknet in the coming year. 

Rise of AI-Powered Cybercrime 

Artificial intelligence (AI) is set to play an increasingly prominent role in cybercrime. Criminals are leveraging AI technologies to automate attacks, analyze vast amounts of data, and create more sophisticated phishing schemes. According to a 2023 report from the cybersecurity firm Cybersecurity Ventures, cybercrime costs are projected to reach $10.5 trillion annually by 2025, with AI-driven attacks contributing significantly to this figure. 

AI algorithms can craft convincing phishing emails and even generate deepfake content that can be used to impersonate individuals, making it harder for victims to detect fraud. As AI tools become more accessible, even amateur criminals can execute complex attacks, making the darknet a breeding ground for AI-driven illicit activities. 

Increased Use of Cryptocurrency 

Cryptocurrency has long been the payment method of choice on the darknet, and this trend is expected to continue. However, as more legitimate businesses adopt cryptocurrencies, criminal enterprises will likely turn to new forms of digital currency that offer enhanced anonymity, such as Monero and Zcash. A report by Chainalysis indicated that more than 40% of cryptocurrency transactions on the darknet involve privacy coins, highlighting their growing popularity among criminals. 

In 2025, we may also see the emergence of decentralized finance (DeFi) platforms specifically tailored for darknet markets, providing criminals with new avenues for laundering money and conducting transactions anonymously. As regulatory scrutiny increases on mainstream cryptocurrencies, criminals will adapt and find ways to utilize less traceable options. 

Emergence of Advanced Social Engineering Techniques 

Social engineering remains a significant threat in the cyber landscape, and we expect to see more sophisticated tactics in 2025. Criminals will increasingly exploit psychological manipulation to deceive victims, using advanced techniques that involve personalized and context-aware phishing schemes. 

For example, threat actors may employ AI tools to gather information about individuals from social media and other online sources, crafting highly targeted attacks that are harder to detect. According to the FBI’s Internet Crime Complaint Center (IC3), losses from social engineering scams reached over $2.4 billion in 2022, and this figure is expected to rise as attackers refine their methods. 

Expansion of Ransomware as a Service (RaaS) 

Ransomware attacks have surged in recent years, and the RaaS model is becoming increasingly popular on the darknet. This model allows even low-skilled cybercriminals to launch ransomware attacks by purchasing or renting malware from experienced developers. A report from the Cybersecurity and Infrastructure Security Agency (CISA) indicates that ransomware attacks have increased by 150% since 2020. 

In 2025, we can anticipate a further proliferation of RaaS offerings, complete with customer support and user-friendly interfaces, making it accessible to a broader range of criminals. This trend could lead to more frequent and severe ransomware attacks, impacting businesses, governments, and individuals alike. 

Greater Focus on IoT Vulnerabilities 

As the Internet of Things (IoT) continues to expand, so do the opportunities for cybercriminals. The increasing number of connected devices creates a larger attack surface, and many IoT devices are inadequately secured. According to a report by the International Telecommunication Union (ITU), IoT vulnerabilities are expected to triple by 2025. 

Darknet markets will likely see a rise in the sale of exploits targeting IoT devices, including smart home systems and industrial IoT applications. Cybercriminals may leverage these vulnerabilities to launch attacks, steal personal data, or create botnets for distributed denial-of-service (DDoS) attacks. 

Shift Toward Decentralized Darknet Markets 

The future of darknet markets may involve a shift towards decentralized platforms that utilize blockchain technology. These markets could offer enhanced privacy and security features, making them more resistant to law enforcement actions. According to a study by the University of Southern California, decentralized marketplaces could become a preferred choice for criminals seeking anonymity. 

In 2025, we may witness the rise of decentralized dark web marketplaces that operate on peer-to-peer networks, allowing users to trade goods and services without relying on centralized servers. This shift could complicate law enforcement efforts and make it more challenging to track illicit activities. 

Increased Law Enforcement Activity 

As the threats associated with the darknet continue to evolve, so too will the efforts of law enforcement agencies. In 2025, we can expect increased collaboration among international law enforcement agencies to combat cybercrime. Initiatives like the Europol’s European Cybercrime Centre (EC3) and Interpol’s Cybercrime Directorate are likely to expand their reach, focusing on dismantling organized crime groups operating on the darknet. 

Moreover, advancements in forensic technologies will enhance law enforcement’s ability to trace illicit activities, even within decentralized environments. This ongoing battle between criminals and law enforcement will shape the future of darknet activities. 

Conclusion 

The darknet will remain a hotbed for illicit activities as we approach 2025, driven by technological advancements and evolving criminal tactics. Understanding these emerging threats is essential for anyone navigating the digital landscape, from cybersecurity professionals to everyday users. Staying informed and proactive is crucial in combating the ongoing challenges posed by the darknet and ensuring a safer online environment. 

---

DarkOwl can help with threats going into 2025. Contact us.

January 09, 2025

As we look back at  2024, the cybersecurity landscape has become ever more complicated and perilous. Last year brought a continual onslaught of cyberattacks from increasingly sophisticated adversaries and a keep-up-if-you-can rush to deal with newly emerging vulnerabilities. It’s clear that no sector is immune from cyber threats. 

From AI-driven scams to the breaches of critical infrastructure, the past year has once more shown that we are all part of the same cyber history. In some of these big incidents, there are dark lessons to learn for 2025. 

Ransomware: Still the Dominant Threat 

Ransomware was still one of the most widespread and harmful cyber threats in 2024, with cybercriminals going after organizations in all sectors regardless of size. They used ransomware to extort money, take selected operations hostage, and sometimes demand ridiculously high payments. However, the most significant incident of the year was not one of these smaller hits but rather a direct assault on Change Healthcare, a major provider of healthcare IT solutions. When they finished with the ransomware part of the job (which is what criminals often do), the cyber attackers stole lots of sensitive medical data. 

Just recently in December, Krispy Kreme experienced a major ransomware attack. It brought online ordering to an abrupt stop in several U.S. regions. Just as a new segment of society was embracing cozy conditions for in-store holiday shopping and ordering sweet treats from the drive-thru, the company hit the brakes on certain critical online ordering operations until it could bring them back up safely. 

Ransomware has been the predominant cybercrime story for the past few years. But it is increasingly overshadowed by another tale: AI-driven cyberattacks  

AI-Driven Cyber Attacks: A Double-Edged Sword 

AI-driven cyberattacks are quickly emerging as the next big frontier in “what hackers are up to.” For instance, deepfake technology advanced to such a level that it began to cause unease. Videos and audio with the voices of top executives created by AI convincingly tricked organizations into making unauthorized transactions, and the resultant data breaches were some of the biggest in recent history. Meanwhile, malware powered by similarly advanced AI posed a new challenge, as threat actors now had a polymorphic, or constantly changing, set of programs to use against us. These incidents have brought organizations to the point where implementing AI-based defensive tools and training among employees is inevitable in identifying these advanced scams and phishing attempts. This year has shown that to counter AI-enabled threats, the defenders will also have to tap into the power of AI themselves. 

Critical Infrastructure Breaches: A Stark Warning 

New trends in targeting key infrastructure were front and center to demonstrate what many consider worrisome developments for 2024: the exploitation of security holes by nation-state actors and cybercriminals—half a world away and right here in the U.S.—with potentially disastrous consequences for national security and public safety. In September, the Chinese-linked “Salt Typhoon” went after top U.S. telecom companies, like AT&T and Verizon, to compromise systems used in judicial wiretapping; a thoroughly alarming breach of national security. The health sector has suffered greatly, with ransomware assaults on hospitals disrupting patient care and cybercriminals targeting what has been described as “fragile medical systems.” These breaches have raised the alarm about the urgent need for a public-private partnership in “hardening” critical infrastructure. These breaches underlined the need for a public-private partnership in securing critical infrastructure. Regular penetration testing, detailed incident response planning, and coordination between governments and private organizations are needed to meet any other future risks. 

Cloud Security Challenges: Missteps and Vulnerabilities 

Meanwhile, as organizations continue to move more into the Cloud, two trouble spots have emerged: misconfiguration and defective APIs. The significant breaches brought attention to the dangers of adopting the Cloud, especially in places with little oversight.  

Snowflake was among the most popular cloud providers in one of the year’s largest incidents. The hackers accessed customer accounts using the stolen credentials, compromising companies like Advance Auto Parts and LendingTree. This breach exposed weaknesses in credential management and underlined the need for stricter security controls. The increased adoption of multi-cloud strategies further complicated the security landscape. Organizations needed help maintaining visibility across platforms, creating gaps that attackers exploited to access sensitive data. These challenges highlighted the need for robust monitoring tools, encrypted storage, and access controls to safeguard cloud environments. 

Supply Chain Attacks: Finding the Weakest Link 

Supply chain vulnerabilities continued to be one of the major problems for organizations in 2024 because attackers had been leveraging relationships with third-party suppliers and vendors to gain access. The consequences of such an attack trickled across industries, underlining how modern cybersecurity risks are interconnected. 

Early in the year, a ransomware attack knocked services offline and spilled sensitive medical data on millions of patients at Change Healthcare. Attackers also targeted open-source software, embedding malicious code in popular libraries and spreading their reach to innumerable organizations. These incidents have brought out the dire need for stringent vendor assessment, constant monitoring of third-party systems, and an incident response mechanism implemented quickly. Supply chains have become high priorities to protect as attackers increasingly make them a key entry point. 

The Talent Crisis: An Overlooked Threat 

The number and complexity of cyberattacks are rising, but the cybersecurity workforce is not growing fast enough to keep pace. With a talent shortage further stretched by high-stress levels and even burnout among cybersecurity professionals, organizations of all sizes are more exposed than ever to the myriad threats that come at them daily. And the most defenseless ones are often the same smaller and medium-sized businesses that have the fewest resources to help compete for the top people in the cybersecurity field. 

Numerous firms have embraced automation and shifted to managed security services to counter the shortage of cybersecurity professionals. Although the software issues created by Crowdstrike highlight the risks that having such a dependence can have. However, alleviating the talent crisis will require more than those stopgap measures. What would certainly work against that talent crisis has to do with a variety of things: multiple investments in education, training programs, and workforce development; equally, it requires attention and action regarding mental health and the promotion of better quality of work-life balance in cybersecurity professions. 

Taking Lessons from Cybersecurity in 2024 

The past year has been a harsh reminder of how far we still must go in the fight against cyber threats. Ransomware once again proved to be a relentless force, hitting businesses across every industry. High-profile incidents at Change Healthcare and Krispy Kreme exposed the weaknesses of outdated systems and the devastating impact of operational disruptions. 

Artificial intelligence brought a new dimension to cybersecurity as a weapon and a shield. Attackers used AI to create deepfake scams and more advanced malware, while defenders scrambled to adapt, integrating AI tools and training employees to recognize new types of attacks. The race to stay ahead of AI-driven threats will define the battles of 2025. 

Critical infrastructure breaches were among the year’s most alarming developments. Nation-state actors targeted telecommunications and healthcare systems, exposing vulnerabilities and jeopardizing public safety and national security. These events reinforced the need for stronger partnerships between governments and private companies to protect essential systems. 

Cloud security remained a persistent weak point. Misconfigurations and credential mishandling led to breaches like the Snowflake incident, affecting companies like LendingTree. As organizations expand into multi-cloud environments, they must focus on better oversight, stronger controls, and improved employee training. 

Supply chain attacks highlighted another growing danger. Attackers exploited third-party relationships to breach countless organizations. These incidents served as a warning: companies need stricter vendor assessments and constant monitoring of external systems to protect their own. 

Amid these challenges, the cybersecurity workforce faced a worsening talent crisis. Many teams were overburdened, understaffed, and unable to keep pace with the volume and complexity of threats. Addressing this gap will require investments in education, workforce training, and improving the quality of life for cybersecurity professionals. 

2024 made one clear: our cyber threats are evolving faster than ever. Ransomware continues to dominate. AI has become both a powerful ally and a dangerous adversary. Our critical infrastructure, cloud environments, and supply chains remain vulnerable. And the workforce tasked with defending against these threats is stretched thin. 

---

As we move into 2025, the question isn’t whether your organization will face an attack; it’s whether you’ll be ready for it. The time to act is now. Contact us.

January 07, 2025

Thanks to our analyst and content teams, DarkOwl published over 115 pieces of content last year, another new record for the team. DarkOwl strives to provide value in every piece written, highlighting new darknet marketplaces and actors, trends observed across the darknet and adjacent platforms, exploring the role the darknet has in current events, and highlighting how DarkOwl’s product suite can benefit any security posture. Below you can find 10 of the top pieces published in 2024.

Don’t forget to subscribe to our blog at the bottom of this page to be notified as new blogs are published.

1. The Rise and Fall of Breach Forum… For Now?​

In May, the popular data sharing dark web forum, BreachForums was seized by Law Enforcement. At the time of writing one of the clearnet mirrors was still up and pointing to a new Telegram channel promising to be back soon. 

By 23 May, BreachForums was back with a new onion address, the administrators ShinyHunters announced the new site on Telegram. Initially only those who had previously had an account were able to enter. Whereas its predecessor had many open areas the new site required users to login before any information could be shared. However, a few days later registration was opened. 

Many in the community have speculated that this new site is a honeypot from Law Enforcement and are avoiding it. However, ShinyHunters have been posting large leaks from well know organizations such as Ticketmaster which some have speculated is to increase interest in the site again. Read blog here.

2. 😈 The Dark Side of Emojis: ☠️ Exploring Emoji Use in Illicit and Underground Activities 😈 

Did you know that there are 3,664 emojis available in the United States alone? Emojis, the small digital icons used to express emotions, ideas, or objects, continue to be an integral part of modern digital communication. And while their innocuous appearance is often benign, there continues to be a growing body of evidence that bellies a darker side. A darker side that supports illicit and underground activities. Criminals continue to exploit emojis to communicate covertly, conducting illegal transactions and targeting innocent victims all while evading law enforcement and text-based detection systems.  

To celebrate World Emoji Day, this blog highlights some of the emojis used in illicit and underground activities. We will dive into how emojis are evading law enforcement and text-based detection systems. This is by no means an exhaustive list of contributing factors but merely an analysis of common overlapping gaps. Full blog here.

3. StarFraud Chat – Telegram Channel Analysis using AI

In the digital age, understanding user behavior and engagement within online communities is crucial for any OSINT or dark web investigator. Increasingly, Telegram channels have been used by threat actors to communicate, sell illicit goods, share disinformation, and generally communicate among other activities. Monitoring of these channels is important to track the activities of these groups and mitigate any threats they may pose to individuals and/or organizations.  

However, the amount of data that can be included in these channels can be very large in volume. DarkOwl, therefore, wanted to establish if AI (artificial intelligence) could be used to analyze the data included in a specific channel and what could be discerned from that data. Read blog here.

4. Site Spotlight: Doxbin

The site Doxbin is a paste site which allows users to post information in text format about other individuals, usually containing personal identifiable information (PII). Information is posted for a range of alleged reasons, which are usually provided in the title of the dox and can contain extensive information about individuals. Although this site is currently hosted on the clearnet and maintains an official Telegram channel, the site originally operated as an .onion site and is still used by dark web affiliated individuals. 

In this blog, we explore the history of the site, who is behind it and the impact that it can have on the victims of a dox, as well as alleged recent activity related to the reported owner. Read more.

5. Darknet Marketplace Snapshot Series: Dark Empire Market 

Darknet marketplaces (DNMs) are synonymous with where on the dark web users can buy and sell illicit goods.  

Traditional DNMs are defined as dark or deep web sites where numerous (often hundreds) vendors can sell various types of products ranging from drugs, digital goods, leaked databases, counterfeit documents, credit cards, etc.

As we continue our Darknet Marketplace snapshot series we will review Dark Empire Market, one of the most popular marketplaces available on the darknet today. Check it out.

6. Threat Actor Spotlight: SCATTERED SPIDER

In the digital age there are many groups of threat actors that operate in the cyber realm targeting different industries, countries and have different motivations. It is important to monitor these groups in order to identify who they are likely to target, what methods they are using and how they are operating. In this blog, we explore one such group known as SCATTERED SPIDER (SS) by security researchers. Read more.

7. Actor Spotlight: ShinyHunters

For fans of Pokémon, the name ShinyHunters refers to a practice of seeking out, capturing and collecting shiny Pokémon. However, on the dark web the term has a much more nefarious meaning.  

ShinyHunters is a cybercriminal group known for their high-profile data breaches and relentless pursuit of sensitive information, and has carved out a reputation as one of the most prolific and dangerous actors in the cybercrime arena.  

In this blog, we will take a deeper dive into their activities and their association with the dark web forum BreachForums. Read blog here.

8.  Darknet Marketplace Snapshot Series: Ares Market

Dark web marketplaces are synonymous with the dark web where users can buy and sell illicit goods. It began with Farm Market, followed by the more prolific Silk Road. Ever since Silk Road was taken down by law enforcement, different markets have jostled for supremacy. As such, dark web markets are perhaps one of the more recognized things to appear on the dark web and they operate just like surface web marketplaces with reviews, escrow services and reputations.  

However, in recent years law enforcement have become more and more successful at shutting down these marketplaces, meaning that the vendors have to move to new areas. There have also been a number of exit scams from marketplaces with the admins closing down the site and taking the funds in escrow. 

Originally established in 2021, Ares Market is a well-known marketplace that offers a variety of products, from illicit substances and pharmaceutical substances to digital fraud products ranging from credit card fraud, cryptocurrency fraud, malware source code as well as a robust variety of counterfeit products like currency and IDs. Learn more.

9. ISIS Activity on Messaging Apps

The Islamic extremist group formerly known as ISIS (Islamic State of Iraq and Al-Sham) or IS (Islamic State), a designated terrorist group, came to prominence in 2014, formed from al-Qaeda linked groups, declared itself a caliphate and occupied territory in Iraq and Syria. IS is a transnational Islamic extremist movement that now has more widespread support today in parts of Africa and Asia than at the time of its formation in 2014. The group has been responsible for and inspired terrorist attacks throughout the world, killing and injuring thousands. In this blog, DarkOwl analysts review recent terrorist attacks from IS and the groups activity on Telegram and Rocket.Chat. Full blog here.

10. Gaming and the Darknet

In celebration of National Video Game Day on July 8^th, this blog examines the intersection between gaming and darknet communities, notably instances of criminal activity targeting gamers or carried out by gamers themselves. This blog will highlight the prevalence of hacking in gaming communities—stolen accounts, pirated games, leaked data, etc.—as well as the infiltration of violent extremist ideologies into certain gaming communities. Read blog here.

2024, That’s a Wrap!

Thank you to everyone who reads, shares and interacts with our content! Anything you would like to see more of, let us know by writing us at [email protected]. Can’t wait to see what 2025 brings! Don’t forget to subscribe to our newsletter below to get the latest research delivered straight to your inbox every Thursday.

January 02, 2025

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Over 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operation – Bleeping Computer

Between September 2 and October 31, 2024, an INTERPOL-led operation dubbed Serengeti resulted in the arrest of 1,006 suspects and the takedown of 134,089 malicious infrastructures and networks in 19 African countries. The joint INTERPOL and AFRIPOL operation specifically targeted criminals behind “ransomware, business email compromise (BEC), digital extortion and online scams.” Read full article.

2. FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized – The Hacker News

In a December 12 press release, the U.S. Department of Justice (DOJ) announced the seizure of Rydox, an illicit, online marketplace known for selling “stolen personal information, access devices, and other tools for carrying out cybercrime and fraud.” The press release also revealed the arrest of three Kosovo nations for serving as Rydox’s administrators. Two of the administrators were arrested in Kosovo while the third was arrested in Albania. Article here.

6. Romania’s election systems targeted in over 85,000 cyberattacks – Bleeping Computer

On December 4, Romania’s top security council declassified reports from its intelligence agencies which revealed an extensive influence operation carried out by Russia against the Romanian presidential election. According to the agencies’ findings, Romania’s election infrastructure was the target of over 85,000 cyber attacks. Furthermore, in the weeks leading up to the first round of the presidential election, intelligence agencies identified 25,000 TikTok accounts supporting Călin Georgescu, a far-right candidate who has “vowed to end all Romanian aid to neighboring Ukraine.” Read full article.

7. AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections – The Hacker News

A 26 November report from Recorded Future’s Insikt Group revealed an additional influence operation carried out by a Russia-based entity in an effort to influence public opinion regarding the ongoing Russia-Ukraine war. The campaign—dubbed “Operation Undercut”—was executed by the Social Design Agency (SDA), which the United States sanctioned in March, 2024, for “providing services to the government of Russia in connection with a foreign influence campaign.” Operation Undercut has been observed targeting audiences in the United States, Ukraine, and Europe. Read full article.

8. FBI spots HiatusRAT malware attacks targeting web cameras, DVRs – Bleeping Computer

In a December 16 Private Industry Notification (PIN), the Federal Bureau of Investigation (FBI) warned of HiatusRAT actors targeting Chinese-branded web cameras and DVRs. HiatusRAT—a Remote Access Trojan (RAT) used by threat actors to remotely gain control of a device—has focused on targeting devices waiting for security patches. This malicious activity was observed in March 2024, when the threat actors carried out a scanning campaign targeting Internet of Things (IoT) devices in several countries, including the U.S. Learn more.

---

Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.

December 30, 2024

As 2024 comes to a close, our content and marketing teams are taking a moment to reflect on the exciting events, trends, and changes the DarkOwl team experienced throughout the year. We’re eagerly looking ahead to a successful and prosperous 2025 and extend our best wishes to all our customers, partners, and readers! Thank you for your support over the past year—your engagement, readership, and willingness to share our content means the world to us.

We hope you continue to find the topics we explore valuable, enlightening, and engaging. One final marketing reminder for the year: be sure to sign up for our weekly newsletter to stay updated on the latest insights from our research and content teams!

DarkOwl Around the World

Trade Shows and Events

DarkOwl made the rounds this year traveling all over the world for trade shows and speaking sessions and we are so glad to be able to see our customers, partners, and prospects face to face. In 2024, the team attended several events all around the world from San Francisco, Las Vegas, Tampa, Omaha, Dubai, Riyadh, Singapore, Lille, Nuremberg, and more. Thank you to everyone who sat down with DarkOwl along the way. We hope to see even more you on the road in 2025. Check out where we will be in 2025 and request time to meet here.

Employee Fun and Events

The team not only traveled the globe for client meetings and conferences but also had plenty of fun back at DarkOwl’s headquarters in Denver, CO! With an increasingly remote-friendly workforce and a focus on attracting top talent, ensuring that everyone at DarkOwl remains connected has never been more important.

2 years ago, we adopted an owl! This year we renewed that adoption again! He jumped early from his Michigan nest in 2015 and fractured his right wing in two places and was on the ground for about a week next to a barn before he was picked up by the landowners and brought to a rehabilitation center. He was sent to the Raptor Education Foundation in Denver in August, 2016 where he now lives. You can learn more about him on his dedicated adoption page. 

We love our #Pets!

Gotta show some pet love as well from our Pets Slack Channel (the best channel).😻

Yearly reminder: DarkOwl analysts and their pets recommend you never use your pet’s name in any password combination as it is a popular term for threat actors using brute force attacks.

New Product Enhancements

At DarkOwl, we prioritize learning from our customers to ensure our products consistently deliver value. We are dedicated to enhancing our dark web data solutions with features tailored to the needs of analysts and threat intelligence teams. Here are some highlights from this year.

DarkOwl Purchases Certain Assets of Skurio Ltd.

In April, DarkOwl LLC announced that it has purchased certain assets of Skurio Ltd from the Administrators Keenan CF Ltd, effective March 22, 2024. These assets include certain customer information, source code, and other commercial material.

DarkOwl Revolutionizes Forum Data Analysis with Enhanced Structuring

DarkOwl announced a groundbreaking upgrade to its platform, empowering users with unparalleled insights into darknet forums. The new forum structuring feature represented a significant leap forward in data analysis, streamlining the user experience and enhancing the ability to extract actionable intelligence.

This evolution toward a more sophisticated approach allowed users to navigate darknet discussions like never before. DarkOwl enabled clients to reconstruct conversations in chronological order accurately and effortlessly, improved search capabilities, and streamlined navigation—empowering clients to uncover critical insights with ease.

Access to forum data, encompassing discussions on topics such as leaks, hacking, fraud, and more, in a structured format proved vital for organizations aiming to fortify their cybersecurity defenses and stay ahead of emerging threats. Additionally, forum usernames and enhanced user search capabilities facilitated deeper social and threat actor analysis. Clients could track threat actors’ activities across multiple threads and investigate all their communications within a particular forum. This advancement enhanced analysts’ ability to connect disparate pieces of information and identify emerging trends or patterns effectively.

Figures 1 and 2 (left to right): Previous view of a thread versus new enhanced view

Direct to Darknet

The team released “Direct to Darknet” within Vision UI in partnership with Authentic8, a leading provider of cloud-based secure browsing solutions. This feature allows users to further investigate Vision UI search results on forums, marketplaces, and other Onion sites. This can be helpful for an investigation to view the original website, view images or advertisements that may be on the sites, take a screenshot for reporting, and more. By combining DarkOwl’s comprehensive darknet database and monitoring capabilities with Authentic8’s Silo cloud browser, which is known for its secure browsing environment, organizations will gain unprecedented visibility and protection against cyber threats surfacing on the darknet.

Website Mentions

One of our most requested features from clients went live earlier this year! Website Mentions is a feature extraction in our dataset, which provides more inclusive searching and monitoring for domain results. This helps you surface more results when you search—such as results with subdomains as well as domains within URLs. 

Site Context for Forums

Site Context is information from the DarkOwl analyst team that gives additional enrichment about search results. This includes the Site Name and any aliases, and may include relevant dates or other information. Where available, options to pivot to Actor Explore, or to pivot to search associated Telegram channels will be present.

Jennifer Ewbank Joins DarkOwl Board of Directors

In August, Jennifer Ewbank, former Deputy Director of the CIA for Digital Innovation and founder of Andaman Strategic Advisors, joined the DarkOwl Board of Directors.

Ewbank brings decades of experience spanning technological innovation, operating expertise, geopolitical risk management, strategic global engagements and public-private partnerships.  As Deputy Director of the CIA for Digital Innovation, Ewbank guided what was a start-up inside the organization to a fully operational global team. Ewbank also led her global workforce in developing a competitive digital strategy, realigning projects to mission partners’ top priorities, and promoting integrated technical development across organizational boundaries. She also named the CIA’s first Director for AI and sponsored an ambitious AI strategy to achieve competitive advantage over global adversaries.

We are thrilled to have her on the team!

Clients Seeing Increased Demand for Dark Web OSINT

We understand how incredibly challenging it is to maintain insight into everything the threat actors have insight into. This year, we put an emphasis on leveraging our company’s expertise in darknet technology to gather the data that allows our clients and their customers to stay ahead of potential threats.

Newly announced partnerships include: 

---

Don’t miss any updates from DarkOwl in 2025 and get weekly content delivered to your inbox every Thursday.

December 19, 2024

This year’s Black Friday online shopping set a new record, with a total of $10.8 billion in sales. Meanwhile, according to Forbes, holiday shopping sales are expected to exceed $260 billion this year. With much shopping left to be done before the holidays, it is vital that buyers be cognizant of the types of holiday-related fraud often observed during this season. In light of the FBI’s recent warning to consumers regarding holiday fraud, this blog examines some of the most frequently observed holiday scams as well as recommendations for how to best defend oneself in the face of increased cybercriminal activity.   

Common Holiday Scams 

Online Shopping Scams 

Online shopping-related scams remain some of the most prevalent during the holiday season, as previously highlighted in DarkOwl’s Black Friday Scams blog. Among these, so-called “non-delivery” scams are especially common, and involve criminals offering deals—often via phishing emails or fake online advertisements—to attract consumers. The advertised items tend to be highly coveted goods, such as electronics or designer products, and are listed at a suspiciously low price. As the name “non-delivery” implies, the items are purchased but never received. The FBI’s Internet Crime Complaint Center (IC3) revealed in a 2023 report that non-delivery and non-payment scams (when goods are shipped by sellers but payment is never received) cost victims more than $309 million that year.  

In a recent report from EclecticIQ, analysts identified a phishing campaign targeting online shoppers in Europe and the U.S. for Black Friday. EclecticIQ assesses with high confidence that the campaign was likely carried out by a Chinese threat actor which the firm dubbed “SilkSpecter.” The report lists several identified phishing domains, including one posing as the American company The North Face. DarkOwl analysts located an additional fake North Face domain featuring the keyword “Christmas,” instead of “Black Friday.” As can be seen in the screenshots included below, the fake website uses a simplistic font that does not match that of the legitimate North Face website. Moreover, the website’s listings appear to be limited entirely to deals, all of which feature up to an 80% discount. The significant discount in and of itself stands out as a red flag, particularly when paired with promises of “free gifts” if buyers meet a baseline purchase amount. Additionally, most items appear to be in low stock, a detail meant to pressure buyers into purchasing the item as quickly as possible while supplies last. Finally, in the “contact us” section, the fake website lists an email that does not appear anywhere on the official North Face website. Unlike genuine customer service emails, the one included on the scam website does not use a North Face domain or any associated keywords.  

Figure 3: Illegitimate Listing   

Figure 4: Illegitimate Listing  Featuring “Free Gifts” 

Figure 5: Fake Customer Service Email 

Holiday Getaway Scams 

Similar to fake shopping websites mimicking legitimate businesses, scammers may also attempt to attract individuals to fake travel websites. In these instances, the scammers’ goals are the same: obtain victims’ personal information, including full names, social security numbers, and credit card numbers. Illegitimate travel-related websites may advertise non-existent getaways, flights, and accommodations.  

Phishing/Smishing 

Phishing emails, which aim to deceive victims into sharing personal information or installing malware, increase significantly during the holiday season. In an effort to mislead targets, senders often spoof a legitimate business and convey a sense of urgency. Claims of a failed package delivery or a delay in delivery are particularly common, especially during the holiday season when there is a greater urgency to receive packages on time. These fraudulent messages will often encourage the receiver to click a link to track/change a delivery or to update the payment method. Smishing—phishing via text message—has seen a notable rise over the past few years, particularly since 2020, and continues to persist. This method of delivery combined with the use of AI to fabricate convincing messages free of spelling errors has rendered the phishing threat landscape even more complex and difficult to navigate.   

Fraudulent Charity Scams 

In addition to shopping-related scams, the FBI has warned of charity scams being carried out during the holiday season. These scams are characterized by scammers creating fake charities or imitating legitimate charities to solicit donations through “phone calls, emails, crowdfunding platforms, and social media.” As highlighted by Forbes, these scams often prey on sympathy by appealing to victims emotionally. Moreover, as is often the case with phishing emails and texts, fake charity scams may also be characterized by a sense of urgency to pressure victims into donating.  

Gift Card Scams 

The IRS has notably warned of an increase in gift card scams in which scammers impersonate a legitimate company or government official to request gift cards. The agency has warned that scammers may send requests via email or call its victims to demand payment. In some instances, the fraudsters may even impersonate a colleague or acquaintance to request the purchase of a gift card and to subsequently share the card information.  

The FBI has also warned of gift card “draining,” another form of gift card fraud in which criminals steal the number and security code from a gift card in a store and re-seal the card for future purchase by an unknowing victim. 

Recommendations 

• Do not click on any suspicious links received via email or text, or located online. Phishing emails and texts often include links which, when clicked, may prompt the receiver to enter personal information or can even download malware on the device.  

• Do not respond to any suspicious texts or emails; doing so may prompt further phishing and smishing messages.  

• Verify websites, as scammers may spoof legitimate businesses and advertise fake deals. Before making any purchases, inspect the website’s URL to ensure that it is legitimate and has an “https” address, indicating that the site is secure. Fake shopping websites may also include grammatical errors and low-quality images.  

• Do not pay with pre-paid gift cards when prompted by sellers. Scammers often request payment via gift card to steal the card’s funds. Using a credit card instead can allow consumers to dispute charges and recover funds, if needed. 

• Inspect gift cards in stores; do not purchase the card if the packaging appears to have been tampered with.  

• Research advertised charities through trusted sources to avoid being scammed by fake charities.  

Ultimately, while holiday scams may be on the rise, there are steps individuals can take to safeguard themselves against these threats. It is also encouraged that suspicious websites, (fake shopping sites, fake charities, etc.), phishing emails, and phishing texts be reported to the Federal Trade Commission (FTC) and the FBI’s Internet Crime Complaint Center (IC3). Additional information can support these agencies’ investigations into reports of fraud and help prevent further scams.  

---

Never miss a thing from the DarkOwl team. Subscribe to email.