Dark Web Exposes Alarming Surge in Corporate Data Sales: Kaspersky Report

Kaspersky Digital Footprint Intelligence offers a comprehensive incident response playbook for handling leak-related incidents.

In a chilling revelation, Kaspersky Digital Footprint Intelligence has unearthed nearly 40,000 dark web posts over the last two years, shedding light on the rampant trade of internal corporate information.

These sinister posts, originating from cybercriminals, serve as conduits for the illicit buying, selling, and distribution of data pilfered through cyberattacks. Shockingly, the number of posts peddling access to corporate infrastructure has surged by 16% compared to the previous year, implicating every third company globally in dark web transactions related to data or access sales.

Kaspersky’s Digital Footprint Intelligence team meticulously monitored dark web forums, blogs, and shadow Telegram channels, discovering an average of 1,731 dark web messages monthly between January 2022 and November 2023. These messages pertained to the sale, purchase, and distribution of internal corporate databases and documents, signifying a pervasive and escalating threat to businesses worldwide.

The alarming trend doesn’t stop there. Another ominous category on the dark web involves the sale of access to corporate infrastructures. Cybercriminals are capitalizing on pre-existing access, streamlining their malevolent efforts. The research reveals that more than 6,000 dark web messages advertised such access offers from January 2022 to November 2023.

A concerning 16% increase in the monthly average messages, from 246 in 2022 to 286 in 2023, underscores the growing risk enterprises face in safeguarding their digital assets.

Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, emphasized the nuanced nature of these dark web messages. Some offers may be repetitive, posted across various underground forums to reach a wider criminal audience, while others may combine databases to present them as new. The prevalence of ‘combolists,’ aggregating information from multiple leaked databases, poses a unique challenge to cybersecurity.

In a bid to fortify global business security, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data compromises in 2022.

The findings are alarming, with 233 organizations – a staggering one-in-three companies – mentioned in dark web posts related to the illicit exchange of data. The references spanned topics such as data breaches, stolen infrastructure access, and compromised accounts, highlighting the pervasive nature of these cyber threats.

As the specter of supply chain attacks looms large in the coming year, even breaches targeting smaller companies could potentially escalate to impact countless individuals and businesses globally. In response, experts urge swift identification and response to data breaches.

Companies are advised to gather evidence confirming the occurrence of an attack and compromised data. Continuous monitoring of the dark web is deemed essential to detect both fake and real breach-related posts, along with tracking spikes in malicious activity. Given the resource-intensive nature of dark web monitoring, external experts often assume this responsibility.

For a more in-depth exploration of the statistics and discussions on the dark web, interested parties can refer to Securelist.

Additionally, Kaspersky Digital Footprint Intelligence offers a comprehensive incident response playbook for handling leak-related incidents. The stakes have never been higher, and proactive cybersecurity measures are paramount to safeguarding businesses from the ever-evolving and insidious threats lurking in the shadows of the dark web.