Every year brings major data leaks, breaches and hacks that draw massive media attention.
While the darknet does facilitate the sale of diverse data types, for example, bank card information, driver licenses and ID photos, etc.
Our research found that 223 of 700 companies were mentioned on the darknet in various data breach-related topics.
Statistically, this means that every third company was referenced in dark web posts associated with the sale of data or access, and we know from the news that even companies with a high level of cybersecurity maturity have been hacked.
Later in the article, we present a statistical overview of all dark web posts about the sale, purchase, or free distribution of compromised accounts, data sourced from breaches, and corporate access, spanning January 2022 to November 2023.
A data breach exposes confidential, sensitive information and can cause major problems.
The most common examples are databases and internal documents, since companies of all sizes handle confidential data, which has a price.
The leaks can affect the company itself, the employees, and the customers.
According to the Kaspersky DFI Portal, around 1,700 unique posts related to the sale, distribution, or purchase of data breaches appeared on the darknet every month.
Another popular type of recirculating leak is databases of scraped public data, such as names, profile IDs and emails, from popular social networks.
Another popular type of data sold on the darknet is infrastructure access.
The reason for the popularity of infrastructure access is simple: complex attacks almost invariably include several phases, such as reconnaissance, initial access to the infrastructure, gaining access to target systems and/or privileges, and the actual malicious acts.
For a business that wants to mitigate the risks related to the sale of infrastructure access, the very first challenge is learning about the sale.
The major difference between this data type and others is that cybercriminals prefer not to mention the company's name in the message, so as not to lose the access.
A few examples of forum messages with companies' attributes.
Typically, hacked access to corporate infrastructure includes accounts for a corporate VPN service and some servers or hosts in the internal networks.
There is another category of data that is a real find for gaining initial access: compromised accounts.
They can still do it if they no longer need the data and want to raise their rating in the cybercriminal community on a specific darknet forum.
All three types of leaked credentials threaten companies since, despite prohibitions, employees use corporate email addresses to register on third-party websites.
In a typical scenario, company employees use the same passwords for external services and for corporate resources, which can help cybercriminals gain unauthorized access to the corporate infrastructure.
This Cyber News was published on securelist.com. Publication date: Tue, 12 Dec 2023 10:13:05 +0000