Webhose Cyber Update: Latest News & New Sources Alert

Posted on July 14, 2021 by Webhose

read the article

A major LinkedIn breach, a new massive ransomware attack, and our latest addition of new sources are on our cyber update this time. Also, while news of the latest ransomware attack spread over the news, we were able to find a new and alarming ransomware attack in the making on the darknet.

All of that and more in our latest update from our cyber team, so let’s start.

LinkedIn Breach reveals data of over 90% of users

Picture credit: www.pixabay.com

A  second massive LinkedIn breach was reported as a popular hacker advertised data from 700 million LinkedIn users for sale, which is more than 92% of the total 756 million LinkedIn users.

The database is currently for sale on a hacker forum with a  sample of the data – information of one million LinkedIn users, which includes: email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn usernames and profile URLs, personal and professional experiences, background, gender, and other social media accounts and usernames. 

On the same day the hacker posted about the leak, Webhose crawled it and we have since crawled the entire sample database. 

Here’s the first post the hacker published, publicizing his news:

To find LinkedIn data breaches, run the query: (“Linkedin” OR “2021” OR “700” OR “sample” OR “leak”) AND site.domain:raidforums.com

Weekly Find: New Ransomware Discovered

Picture credit: Photostockeditor

While news of ransomware continues to dominate the agenda, Webhose has crawled an alarming post that was published by a hacker bragging about a new ransomware he is working on. The post appeared on Dread forums, a dark web discussion forum featuring news and discussions around darknet markets.

In the post, the hacker mentions his new ransomware named “Chaos”: 

Although Dread is a dark web forum that is mostly known for market discussions, it also has discussions related to hacking, including ransomware. We have detected this hacker’s post in Dread’s malware site section. 

In the comments, someone suggested the hacker talked to him directly as he may have a target for his new ransomware.

To find content related to early detection related to ransomware use the query:

 title:(“ПАРТНЕРСКАЯ ПРОГРАММА” OR partner OR affiliate OR raas OR “ransomware as a service” OR ПАРТНЕРКА OR “шифровальщик как услуга” OR ransomware OR ransom OR Trojan OR “Crypto Virus” OR “Cryptotrojan” OR “lock virus” OR эксплуатировать OR “вымогателей” OR malware

Trending: Major Ransomware Attacks up to 1,500 Companies

Hackers are suspected to be behind a mass extortion attack that affected between 800 to 1,500  companies worldwide late on Sunday. The hackers demanded $70 million in cryptocurrency to unlock the data they are holding ransom, according to a posting on a dark web site.

The ransomware was injected using a known vulnerability CVE-2021-30116 in Kaseya, an IT service provider directly connected to customer infrastructures. According to data from Webhose’s Cyber API, Kaseya was mentioned in hacker forums two years ago as an add-on that had vulnerability. 

A month ago, it was reported again on the Exploit hacking forum that the injection of Sodinokibi ransomware was enabled through the Kaseya console using powershell scripts. We also found evidence that seven months ago Kaseya account credentials were traded in RussianMarket.

As ransomware continues to threaten companies around the globe, this type of intelligence based on cyber data is critical for early detection of risks related to a wide range of organizations.

To find content related to Sodinokibi Ransomware use the query:

(Kaseya AND (Revil OR ransomware OR 0day )) OR “CVE-2021-30116”

New on Webhose: Two Carding Forums Now Available

Last week, we added two new carding forums to our coverage. Carding forums are a common type of communication on the dark web where actors share different carding methods and tools. Sometimes it also has sections dedicated to the sharing of hacking methods and leaked accounts that could further assist in the carding fraud. 

The first forum we added, “Blackhat Carding,” has 180,000 registered members and only has sections directly related to the sharing of carding methods and tools and carding-related discussions.

The second forum we added, “Carding World,” has 22,000 registered members and contains both sections related to carding and topics such as hacking and the sharing of leaked databases. 

To find content crawled from those forums to our Cyber API, use the following query:

site.domain:blackhatcarding* OR site.domain:cardingworld*

That’s it for our Cyber News Update from our Cyber Team this time. We’ll be back again next time with more exciting news from the world of cyber. Until then, if you come across anything interesting, don’t be shy -share it with us by dropping us a line on: cyber@webhose.io

Until next time, 

Team Webhose