Over the last two years, Kaspersky’s Digital Footprint Intelligence team has uncovered a concerning trend: a surge in dark web posts related to the sale, purchase, and distribution of internal corporate information.
Cybercriminals are leveraging these platforms to trade stolen data obtained through cyberattacks.
The team’s findings revealed an average of 1,731 dark web messages per month between January 2022 and November 2023, totaling almost 40,000 messages.
Furthermore, Kaspersky’s research indicates a 16% increase in the number of posts offering access to corporate infrastructures compared to the previous year. Shockingly, every third company worldwide has been referenced in dark web posts associated with the illicit sale of data or access.
The dark web isn’t just a marketplace for stolen data; it also serves as a platform for cybercriminals to sell pre-existing access to corporate infrastructures.
Kaspersky’s research found that over 6,000 dark web messages advertised such offers between January 2022 and November 2023, with a 16% rise in the average monthly messages from 2022 to 2023.
Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, highlighted the deceptive nature of some dark web offers, emphasizing that certain databases might be combined and presented as new, such as ‘combolists’—aggregated databases from various previously leaked sources.
To address this growing concern, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022.
The findings revealed that one in three companies were mentioned in dark web posts related to the illicit exchange of data, including data breaches, stolen access to infrastructure, or compromised accounts.
To mitigate the risks associated with data breaches, Kaspersky recommends implementing several security measures, including swift identification and response to breaches, continuous monitoring of the dark web, preparation of a communications plan, and the development of comprehensive incident response plans.
For more detailed statistics and insights, visit Securelist, and for incident response guidance, refer to the Kaspersky Digital Footprint Intelligence website.
To prevent unauthorized access to the affected companies’ data or infrastructure during the initiative, compromised data was not verified in any way.