Phishing and stealers dominate dark web forums (but don't mention ransomware)
The malware types and hacking services most discussed over the last year on dark web forums are dominated by phishing, stealers, zero-day attacks, and ransomware.
But the 2021 Year-End Data Breach Report from Risk Based Security finds discussing ransomware has been widely banned on major forums as evidenced by referring to ransomware offerings as 'crypters' or 'lockers' to avoid the post or account getting immediately banned.
The most popular access types advertised for sale on forums are admin- or user-level access for Remote Desktop Protocol (RDP), virtual private network (VPN) and content management systems (CMS).
According to the report 22 billion records were exposed in data breaches last year. While that's 14.5 billion fewer records exposed than the previous year, it's still the second highest year for the amount of confidential data compromised since 2005.
The report also shows there were five percent fewer publicly disclosed breaches, however, the number reported in the United States increased 10 percent, growing to 2,932 in 2021 compared to 2,645 in 2020.
Names and Social Security numbers (or their non-US equivalents) are the two most compromised data types. Interestingly though payment card information seems to have become less attractive to malicious actors and was compromised in only three percent of reported breaches.
Looked at by sector healthcare experienced the most incidents, accounting for 14 percent of reported breaches. However, when economic sectors are broken out into their component risk groups, financial services and software providers are the top two most breached business groups, with healthcare practitioners' offices coming in third. Manufacturing, not typically considered a popular sector to target, accounts for 10.5 percent of reported breaches.
The report's authors conclude:
If 2020 was a rollercoaster ride, 2021 was more of the same, but perhaps with a little less surprise at the twists and turns that defined the year. As hopeful as we were that law enforcement's successes against ransomware operators would put a damper on activity, new groups formed, updated malware strains arrived on the scene, and operations continued after a short blip in late
Accidental insider errors took a toll as well, contributing significantly to the number of records exposed during the year. What's more, these errors exposed highly sensitive information like Social Security numbers and their non-US equivalent. Much talk has been given to how the pivot to work from home would create a field day for malicious actors. Perhaps so, but the stress of the past two years is surely playing a role too in the amount of data exposed.
You can get the full report from the Risk Based Security site.