Access to Innovation
Access to Capital
Access to Talent
Access to Market
Access to Knowledge
Date Trend snippet:
21 December 2021
Relevance date:
2020, 2021
Type of Treath or Oppertunity
Domain of application
Source of threat
Trends in Security
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Few Major Changes in the Dark Web threat landscape
With regard to the Dark Web, EU law enforcement agencies have reported few major changes in the threat landscape. While the infrastructure of Dark Web marketplaces has not changed drastically, several smaller developments that had already been taking place for some years have now become more commonplace
More source info
5.1 Similar goods and services, but more extortion and novel weapons
The types of goods and services for sale on the Dark Web have remained largely the same in the past 12 months. However, the presence of ransomware groups on dedicated hidden services on the Dark Web offering their malware ‘as-a-service’ has increased.
In last year’s IOCTA, Europol included the development of perpetrators threatening to sell or wipe data encrypted in a ransomware attack. Several countries reported that the exposure of data of individuals and companies had gained further traction as a business model for ransomware groups on the Dark Web. Governments have expressed similar warnings about such advanced extortion concerning ransomware groups that not only encrypted data, but also threatened to use DDoS attacks and leak stolen data if ransoms were not paid.
Weapons appear to be traded increasingly on encrypted chat applications, such as Telegram and Wickr, but sold slightly less on Dark Web marketplaces.
Furthermore, weapons were being sold on a Dark Web marketplace taken down in May 2021 by French authorities. InSeptember 2020, an illegal workshop for printing three-dimensional weapons was dismantled in Spain, revealing a novel modus operandi. The suspect downloaded templates for weapons printing from
the Dark Web.
Furthermore, vendors have not stopped seizing the opportunity to abuse the uncertainty surrounding the pandemic by offering fake vaccines and masks for sale, consequently scamming buyers.
5.2 More use of Monero and non-cooperative swapping services
Bitcoin has by far remained the go-to cryptocurrency of choice for users of the Dark Web. However, the criminal usage of privacy coin Monero on Dark Web marketplaces has further increased. As reported last year, Monero is becoming the most established privacy coin on the Dark Web. For example, a marketplace that only accepts Monero as a payment option was around from early 2019 to October 2021. Zcash was also seen as a payment option, but its usage has not come close to Monero. While criminals still make most payments in Bitcoin, recipients are increasingly converting them to Monero and other currencies by using swapping services. These services often operate on the Clearnet and in a grey area, utilising jurisdictions with lenient legislation and vague or non-existent know-your-customer (KYC) procedures. Some other services, such as Kilos3, are
operating on the Dark Web and even admit to ‘skirting legal procedures’. Kilos was already mentioned in last year’s IOCTA, but now it also deploys its own swapper and mixer, called ‘KSwap’ and ‘Krumble’ respectively.
The use of swappers falls within a bigger trend of adopting more complex money laundering methods. In the early days of Dark Web marketplaces, vendors often simply transferred cryptocurrency directly from a marketplace to an exchange. However, in the last few years, many different obfuscation methods have gained popularity, such as mixers, CoinJoin, swapping, crypto debit cards, Bitcoin ATMs, local trade and more.
Source:
Report
Internet Organised Crime Threat Assessment (IOCTA) 2021
Date published
11 November 2021
