Dark web forums are a hotspot for cybercriminals, and our team is continuously monitoring these forums and hacker conversations to better protect our users and partners from cybercrime. In these forums, hackers share tactics, tools, stolen data, and exploits that target both individuals and businesses, creating risks that can impact everyone. Here’s a summary of just a few snippets of the intelligence our team has encountered recently.
Hackers Boast About Hacking Cameras
Here are a few posts relating to hackers sharing how easy it is to hack into cameras. From CCTV and security systems to baby monitors, such devices are frequent targets due to weak or outdated security measures. In one instance, a hacker described how to hijack personal mobile cameras using a simple app, showcasing just how accessible such attacks can be.
Data from cameras enables hackers to follow a victim, collect data about them or even use the camera for further attacks in the form of botnet attacks. A botnet attack is when hackers take control of a large number of devices—like computers, smartphones, or even smart home gadgets—without the owners knowing. These devices, called "bots," are used together like an army to carry out cyberattacks.
Here are the screenshots of hackers discussing this:
Hacker’s Freelancing
When you think of a hacker, you might picture a character from a movie—someone sitting alone in their bedroom, having taught themselves everything they know. However, this stereotype is far from the truth! Today, many hacking groups operate like legitimate businesses, complete with structured recruitment processes and freelance opportunities for skilled professionals. This level of organisation enables them to carry out sophisticated attacks on a global scale. Here’s a screenshot of a developer posting in a forum and looking for work, with a detailed outline of their experience.
Yemen-Based Group Threatens Retaliation
A Yemen-based hacking group has issued threats of electronic and military attacks on the United States in response to geopolitical events. This highlights the ongoing intersection of hacktivism and cybercrime, where political motivations fuel destructive cyber activities.
Massive Data Scraping on Social Media
Cybercriminals have collected and shared 489 million records from Instagram, revealing user bios, names, emails, and other personal details. This stolen data can be used in phishing attacks and social engineering campaigns, turning seemingly harmless information into tools for fraud.
There is a common misconception that hackers specifically target individuals, but this is often not the case. The below shows how hackers utilise public sources and data harvesting to execute large-scale attacks.
How Insurers and Policyholders Can Mitigate These Risks
These insights into the dark web highlight the importance of proactive cyber risk management. Insurers and their policyholders can take various steps to reduce exposure to such threats:
- Educate policyholders on recognising phishing attempts, securing IoT devices, and practising good cybersecurity hygiene.
- Encourage vulnerability management, including regular system updates.
- Use or offer tools for monitoring and prevention, such as Breach Check, Cyber Xpert or Breach Defence
- Emphasise data minimisation by encouraging policyholders to limit the amount of personal information shared online.
- Use 2FA on all applications/accounts where possible
If you’d like to assess the cyber risks associated with your commercial client portfolio, please contact us. We are happy to conduct a free cyber risk assessment scan to help you identify potential security issues that could leave your policyholders vulnerable to a cyber attack. Just send us an email with the request:l at info@dynarisk.com.