Average 1,700 posts with Corporate Data Surface on the Dark Web Monthly
The Kaspersky Digital Footprint Intelligence team has over the past two years uncovered almost 40,000 dark web posts about the sale of internal corporate information. These posts, created by cybercriminals, are used to buy, sell, or distribute data stolen from various companies through cyberattacks. The number of posts offering access to corporate infrastructure has seen a 16% increase compared to the previous year. Worldwide, every third company was referenced in dark web posts associated with the sale of data or access.
Kaspersky Digital Footprint Intelligence experts observed an average of 1,731 dark web messages per month about the sale, purchase, and distribution of internal corporate databases and documents, totaling almost 40,000 messages between January 2022 and November 2023. The monitored resources encompassed dark web forums, blogs, and shadow Telegram channels.
Another category of data available on the dark web is access to corporate infrastructure, allowing cybercriminals to purchase pre-existing access to a company, enabling attackers to streamline their efforts. According to Kaspersky’s research, more than 6,000 dark web messages have been advertising such offers from January 2022 to November 2023. Currently, cybercriminals are increasingly offering access, with the average number of corresponding monthly messages witnessing a 16% rise from 246 in 2022 to 286 in 2023. While the number of messages may not seem high, it doesn’t diminish the potential magnitude of the issue. With the looming threat of supply chain attacks in the coming year, even breaches targeting smaller companies could escalate to impact numerous individuals and businesses globally.
“Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers. Moreover, certain databases might be combined and presented as new. For instance, there are ‘combolists’ – databases that aggregate information from various previously leaked databases, such as passwords for a specific email address,” explains Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence.
To further enhance security of businesses worldwide, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022, providing information about cyberthreats originating from the dark web.
The findings revealed that 233 organizations – one-in-three companies – were mentioned in dark web posts related to the illicit exchange of data. These references specifically involved topics such as data breaches, stolen access to infrastructure, or compromised accounts.
More statistics about dark web discussions are presented on Securelist, while the Kaspersky Digital Footprint Intelligence website provides a comprehensive incident response playbook for handling leak-related incidents.
Essentially, a company must gather evidence to confirm the attack occurred and that data has been compromised. Continuously monitoring the dark web allows for the detection of both fake and real breach-related posts, as well as the tracking of spikes in malicious activity. Given the resource-intensive nature of dark web monitoring, external experts often take on this responsibility.
Also read:
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web
PTA Taxes Portal
Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal
Explore NowFollow us on Google News!