Dark Web

Web intelligence company Searchlight Cyber has released a new report on the ransomware landscape of the dark web, highlighting changing tactics and the groups that security teams need to look out for in 2024.

LockBit, BlackCat (also known as ALPHV or Noberus), and Cl0p were the most prolific ransomware groups of 2023 by the number of victims claimed on their dark web leak sites. However, a major finding of the report is that these groups' share of overall ransomware victims has actually decreased as the number of operators has grown.

A new report from Delinea shows that, while still not back to 2021 levels, ransomware attacks are increasing.

What's more, mid-sized companies appeared to be in cybercriminals’ sights the most, with 65 percent saying they've been a ransomware victim over the past 12 months. Organizations are also paying ransoms more frequently, up to 76 percent from 68 percent the prior year.

It's been another profitable year for the cybercriminal underworld. Once again, headlines have been regularly dominated by serious breaches such as the Royal Mail and Capita, whilst behind the scenes, criminal gangs have raked in huge profits.

The shadow economy of the dark web has continued to thrive and develop as a mirror of the legitimate business world. Threat actors are increasingly well-organized, from highly developed ransomware-as-a-service (RaaS) offerings to extremely lucrative vulnerability trading. Here, we'll delve into the most prominent trends driving the bustling dark web economy -- and how organizations can defend themselves against such threats.

A new report from HP Wolf Security reveals cybercriminal marketplaces offering low-level attackers the tools needed to bypass detection and infect users in the form of so-called 'meal kits'.

These are pre-packaged malware kits which give low-level attackers all the ingredients to evade detection tools, making it easier for them to breach organizations and steal sensitive data.

It won't come as any surprise that there's a thriving market among threat actors for the latest vulnerability exploits. A new report from Flashpoint lifts the lid on this world and reveals the exact vulnerability exploits that were listed for sale, purchased, and/or traded in the first half of 2023.

One of the most expensive was a remote code execution exploit for Adobe Commerce -- the eCommerce platform formerly known as Magneto -- which was listed for sale at $30,000. A Citrix ShareFile exploit was priced at $25,000.

Both ransomware groups and APTs continue to exploit vulnerabilities in public-facing applications, particularly in security appliances, business email technologies and enterprise file transfer products.

The latest mid-year threat review from Rapid7, based on the company's threat analytics and underground intelligence data, shows almost 40 percent of incidents Rapid7 managed services teams saw in the first half of 2023 were the result of missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure.

Historically Windows has been the favorite target of cybercriminals, but new research from Accenture suggests macOS is becoming a lucrative priority on the dark web and information on exploits is being traded for millions of dollars.

The Accenture Cyber Threat Intelligence (ACTI) team has noted a significant upward trend in dark-web threat actors targeting macOS from 2019 to 2022 and the volume from 2023 has overtaken 2022 in just the first six months.

A new report from the Secureworks Counter Threat Unit (CTU) uncovers a thriving market in infostealer logs that serves as a key enabler for some of the most damaging forms of cybercrime such as ransomware attacks.

On the 'Russian Market' site alone, the number of logs for sale increased by 150 percent in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

Analysis of exposed dark web assets from SpyCloud finds that the technology sector has the highest number of malware-infected employees and consumers, the highest number of exposed corporate credentials, and the most exposed malware cookie records.

In the analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, researchers uncovered 27.48 million pairs of credentials with corporate email addresses and plain text passwords, with over 223,000 exfiltrated by malware.

A new survey of over a thousand CISOs from large enterprises in the US and UK, finds that 93 percent are concerned about dark web threats and 72 percent believe that intelligence on cybercriminals is critical to defending their organization.

The report from Searchlight Cyber looks at how CISOs are gathering data from the dark web to improve their security posture.

It is estimated that by 2025, the annual global data consumption will amount to 181 zettabytes -- over ten times more than in 2015. Does it mean we will make ten times better-informed business decisions? Most likely not, and the reason is simple: according to different sources, 75 percent or more of the data companies collect lurks in the dark.

'Dark data' is the vast amount of information collected by businesses but never analyzed or used. It can be web and app logs, email correspondence, visitor tracking data, the information generated by IoT devices, etc. Nowadays, every business activity is recorded somehow. Most of this data is unstructured and gathered in different formats. This cornucopia of information has to be processed, stored, secured, and maintained. Instead of increasing ROI, it increases noise, hidden costs, and safety issues since companies are legally responsible for all the collected data, even if they don’t use it.

Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.

Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.

Netflix recently announced a crackdown on the sharing of account details and has introduced a paid sharing option to allow multiple users. It isn't surprising then that there's a thriving Dark Web market for streaming account details.

Research from AtlasVPN shows that account logins for popular streaming services are being sold for an average of $11.

Yesterday PayPal began sending out data breach notifications to thousands of its users who have had their accounts accessed via credential stuffing attacks which exposed some personal data.

BleepingComputer reports that almost 35,000 accounts were compromised in the attack which took place between December 6 and December 8, 2022.

We all know that stolen information is traded on the dark web, and new research by Trustwave looks at what is available and how much it costs. It also uncovers the additional services that are being offered to make it easier to commit fraud.

Details of a stolen credit card can be bought for as little as $8. Much more valuable though is a card with 'fullz' -- extra information on the victim that makes the card more usable. These can cost up to $70.