40,000 internal corporate data for sale on Dark Web

Almost 40,000 dark web posts relating to the sale of internal corporate information have been uncovered according to a report by Kaspersky.

Cybersecurity experts observe that an average of 1,731 dark web messages per month about the sale, purchase and distribution of internal corporate databases and documents were made available between January 2022 and November 2023 on the dark web.

According to the Kaspersky report, the number of posts offering access to corporate infrastructure increased by 16% compared to 2023. Worldwide, one in every three companies is referenced in dark web posts associated with the sales of data or access.

The monitored resources also include dark web forums, blogs, and also shadow Telegram channels. Another category of data that is available on the dark web is access to corporate infrastructures which allows cybercriminals access to purchase pre-existing access to a company, enabling attackers to streamline their efforts.

Looming supply chain attacks

The report also shows a looming threat of supply chain attacks this year, even breaches targeting smaller companies could escalate to impact numerous individuals and businesses globally.

Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence, shares some insight into the value of the information being spread across the dark web saying “Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers.”

She added that, “certain databases might be combined and presented as new. For instance, there are ‘combolists’ – databases that aggregate information from various previously leaked databases, like passwords for a specific email address.”

Kaspersky’s Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022, providing information about cyberthreats originating from the dark web.

Other resources that can help guide cybersecurity research related to the dark web are available on Securelist, while the Kaspersky Digital Footprint Intelligence website provides a comprehensive incident response playbook for handling leak-related incidents.

To avoid threats related to data breaches, it is worth implementing the following security measures:

• Swift identification and response to data breaches is essential. Those facing a crisis should start by verifying the source of the breach, cross-referencing internal data, and assessing the information’s credibility. Essentially, a company must gather evidence to confirm the attack occurred and that data has been compromised.
• Continuously monitoring the dark web allows for the detection of both fake and real breach-related posts, as well as the tracking of spikes in malicious activity. Given the resource-intensive nature of dark web monitoring, external experts often take on this responsibility.
• It’s beneficial to prepare a communications plan in advance to interact with clients, journalists, and government agencies.
• Developing comprehensive incident response plans that include designated teams, communication channels, and protocols allows for the prompt and effective handling of such incidents when they occur.