Over the past two years, almost 40,000 dark web posts about the sale of internal corporation have been uncovered by the Kaspersky Digital Footprint.
Created by cybercriminals, these posts are used to buy, sell, or distribute data stolen from various companies through cyberattacks. A recent survey has shown that the number of posts offering access to corporate infrastructure has seen a 16 percent increase compared to the previous year. Worldwide, every third company was referenced in dark web posts associated with the sales of data or access.
Kaspersky Digital Footprint Intelligence experts observed an average of 1,731 dark web messages per month about the sale, purchase and distribution of internal corporate databases and documents, totaling almost 40,000 messages between January 2022 and November 2023. The monitored resources encompassed dark web forums, blogs, and also shadow Telegram channels.
Another category of data available on the dark web is access to corporate infrastructures allowing cybercriminals to purchase pre-existing access to a company, enabling attackers to streamline their efforts. According to Kaspersky’s research, more than 6,000 dark web messages have been advertising such offers in January 2022-November 2023. Currently, cybercriminals are increasingly offering access, with the average number of corresponding monthly messages witnessing a 16% rise from 246 in 2022 to 286 in 2023. While the number of messages may not seem high, it doesn’t diminish the potential magnitude of the issue. With the looming threat of supply chain attacks this year, even breaches targeting smaller companies could escalate to impact numerous individuals and businesses globally.
“Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers. Moreover, certain databases might be combined and presented as new. For instance, there are ‘combolists’ – databases that aggregate information from various previously leaked databases, such as passwords for a specific email address,” explains Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence.
To further enhance security of businesses worldwide, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022, providing information about cyberthreats originating from the dark web.
The findings revealed that 233 organisations – one-in-three companies – were mentioned in dark web posts related to the illicit exchange of data. These references specifically involved topics such as data breaches, stolen access to infrastructure, or compromised accounts