Kaspersky Digital Footprint Intelligence experts observed an average of 1,731 dark web messages per month about the sale, purchase and distribution of internal corporate databases and documents, totaling almost 40,000 messages between January 2022 and November 2023. The monitored resources encompassed dark web forums, blogs, and also shadow Telegram channels.
Distribution of the Dark web messages related to corporate data sale, purchase, or distribution, January 2022 – November 2023
Another category of data available on the dark web is access to corporate infrastructures allowing cybercriminals to purchase pre-existing access to a company, enabling attackers to streamline their efforts. According to Kaspersky’s research, more than 6,000 dark web messages have been advertising such offers in January 2022-November 2023. Currently, cybercriminals are increasingly offering access, with the average number of corresponding monthly messages witnessing a 16% rise from 246 in 2022 to 286 in 2023. While the number of messages may not seem high, it doesn’t diminish the potential magnitude of the issue. With the looming threat of supply chain attacks in the coming year, even breaches targeting smaller companies could escalate to impact numerous individuals and businesses globally.
“Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers. Moreover, certain databases might be combined and presented as new. For instance, there are ‘combolists’ - databases that aggregate information from various previously leaked databases, such as passwords for a specific email address,” explains Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence.
An example of a ‘Combolist’ offer
To further enhance security of businesses worldwide, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022, providing information about cyberthreats originating from the dark web.
The findings revealed that 233 organizations – one-in-three companies – were mentioned in dark web posts related to the illicit exchange of data. These references specifically involved topics such as data breaches, stolen access to infrastructure, or compromised accounts[1].
More statistics about dark web discussions are presented on Securelist, while the Kaspersky Digital Footprint Intelligence website provides a comprehensive incident response playbook for handling leak-related incidents. To avoid threats related to data breaches, it is worth implementing the following security measures:
[1] To prevent unauthorized access to the affected companies’ data or infrastructure during the initiative, compromised data was not verified in any way.
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.