November 2024 Deep Web and Dark Web Trend Report


Note

 

This trend report on the deep web and dark web for November 2024 is divided into three sections: Ransomware, Forums & Black Markets, and Threat Actor. Please note that some of the content has not yet been confirmed to be true.

 

 

Major Issues 
 

 

1. Ransomware

 

 

1.1 RansomHub

 

The ransomware gang RansomHub claimed to have attacked SYM Global, a scooter and small automobile manufacturer based in Taiwan. RansomHub claimed to have stolen 265 GB of confidential data from SYM Global, and released a sample of the stolen data as evidence.

 

SYM Global is a company based in Taiwan, established in 1961. It manufactures cars, motorcycles, mobile products, parts/accessories, molds, etc. The company is one of the leading automobile manufacturers in Taiwan and is particularly strong in scooters and small automobiles.

 

SYM Global has a strategic partnership with Hyundai Motor Company in South Korea. Through this partnership, SANYANG (SYM’s official company name) has grown to become a leading car manufacturer in Taiwan. SANYANG promotes the Hyundai brand and sells its products through its own marketing channels. The company also supplies high-quality parts to Hyundai Motor Company, making it a key partner in Hyundai’s global strategy.

 

On November 1, 2024, the RansomHub gang listed SYM Global as a victim on their Dedicated Leak Site (DLS). The gang usually gives victims a week to respond before publicly releasing the stolen data, which is a common strategy used by ransomware gangs to pressure victims.


Table 1. Ransomware Group’s Tactic Type

 

An analysis of the data disclosure strategy and behavioral psychology of ransomware groups can be summarized as follows:

 

 

  • Main Tactics

 

| Tactics | Specific Method | Intended Effect |
|---|---|---|
| Time pressure | Setting time limit; Displaying countdown timer | Forcing rapid decisions; Setting response time limit |
| Step-by-step data leak | Categorizing data (8-15 items); Announcement of sequential release schedule | Continual pressure; Threat of expanding damage |
| Psychological pressure | Threat of data breach; Emphasizing that the risk increases over time | Causing stress and anxiety; Inducing quick surrender |
| Negotiation strategy | Conditional data protection promise; Proposing step-by-step negotiation | Urging the victim's cooperation; Obtaining financial gain |

 

 

  • Psychological and Behavioral Tactics

 

 

| Psychological and Behavioral Tactics | Implementation | Expected Effect |
|---|---|---|
| Demonstration of control | Control of the data disclosure timing; Seizing the initiative | Inducing a sense of powerlessness; Weakening resistance to threats |
| Creating fear | Setting time limits; Intensifying threats gradually | Weakening judgment; Maximizing anxiety |
| Creating a sense of urgency | Demanding an immediate response; Creating time pressure | Preventing adequate countermeasures; Requiring immediate decision |
| Gaining the upper hand in negotiations | Threatening to increase damage gradually; Setting negotiation terms | Gaining negotiation advantage; Increasing the acceptability of demands |
| Business approach | Communicating professionally; Building transactional relationship | Justifying criminal actions; Disguising trustworthiness |

Table 2. Attacker’s Psychological and Behavioral Tactics

 

 

  • Security Expert Recommendations

 

 

| Recommendations | Reasons |
|---|---|
| Implement zero trust principles | Lack of trustworthiness in the criminal organization; High probability of data breach |
| Necessity of countermeasures | Regularly back up data in advance; Enhance security measures |

Table 3. Recommendations for security professionals on the tactics and psychological behavior of ransomware groups

 

 

 

Ransomware threat actors use highly calculated psychological tactics to maximize fear and anxiety in their victims and obtain their desired profit. However, security experts advise against trusting the promises these threat actors make. There is no reason to trust the words of these criminals, and in most cases, the threat actors may have already made copies of the data.

 

The RansomHub attack against SYM Global has the following important implications:

 

  • Exposure of manufacturer vulnerabilities

 

It was revealed that companies in the manufacturing industry are vulnerable to cyber attacks. In particular, traditional manufacturing companies were found to have inadequate security measures in place during their digital transformation process.

 

  • Importance of supply chain security

 

This incident highlighted the fact that ransomware attacks against global manufacturers can affect the entire supply chain. It also underscored the need to enhance security across the entire supply chain, including partners and customers.

 

  • The Need for a Ransomware Response System

 

It became evident that a systematic incident response plan is necessary to counteract the strategies employed by ransomware threat actors, such as time pressure tactics and incremental data leaks.

 

RansomHub's attack on SYM Global clearly demonstrates the severity of modern ransomware threats. Threat actors attempted to manipulate affected companies by applying sophisticated psychological pressure tactics, making it difficult for companies to respond promptly.