Threat Trend Report on Deep Web & Dark Web – Ransomware Groups & Cybercrime Forums and Markets of October 2024
Note
This trend report on the deep web and dark web of October 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true.
Major Issues
1. Ransomware
1.1. KillSec
On October 6, 2024, a company that provides insights on commercial real estate and investments in Korea was listed as a victim on the DLS (Dedicated Leak Site) and Telegram channel operated by the ransomware gang known as KillSecurity or KillSec. The affected company is a prominent player in the Korean real estate sector, providing comprehensive insights and analysis on commercial real estate investments. Based in Seoul, the company plays a crucial role in helping real estate professionals, investors, and stakeholders navigate the complex real estate market.
Figure 1. Victim company listed on KillSec DLS
The gang claimed that the leaked data includes personal credentials, educational records, business registration information, tax-related information, government-issued documents, contact information, institutional data, education completion certificates, market research data, industry trends, financial forecasts, company performance metrics, and more. Such data breaches can have a significant impact on the credibility and security of affected companies.
Figure 2. Sample data provided by KillSec as evidence of data leakage
The attack on a Korean company by the KillSec ransomware gang has revealed new threats in the Korean cybersecurity environment. Korean companies should be more cautious as this gang, which has previously targeted other foreign countries, has now attacked a Korean company for the first time.
It is noteworthy that, in general, the ransomware gang’s usual targets are manufacturing companies. However, this time the target was a commercial real estate information provider. The fact that real estate market data, financial projections, and market research reports were leaked shows an increase in cyberattacks on economic information. In addition, the leak of sensitive personal information such as individual identities, educational records, and business registration information highlights the growing importance of data protection responsibilities for companies.
The fact that the KillSec gang has announced their data disclosure 6 days after the breach shows how ransomware attacks are becoming more sophisticated. This means that companies need to approach cybersecurity as a strategic threat management issue.
This incident has brought the reality of global ransomware threats to Korean companies. In response, companies need to reevaluate their security systems, strengthen the protection of personal information, and improve their cybersecurity response systems by collaborating with the government. The importance of increasing investment in cybersecurity and maintaining continuous monitoring has also been emphasized.
2.2. Underground
Ransomware gang Underground claims to have launched an attack on Casio Computer Co., Ltd., a well-known electronics and IT manufacturer in Japan. They claim to have stolen 204.9 gigabytes of data from Casio Computer Co., Ltd. The stolen data allegedly includes confidential documents, legal documents, employee personal information, non-disclosure agreements, employee salary information, patent information, company financial documents, project information, and incident reports. Currently, all the data has been published on the DLS of the ransomware gang.
