An average of 1,700 posts with corporate data on the dark web per month

The Kaspersky Digital Footprint Intelligence team has unearthed nearly 40,000 posts on the dark web over the past two years about the sale of corporate insider information. These posts - created by cybercriminals - are used to buy, sell or distribute data stolen from various companies through cyberattacks. The number of posts offering access to corporate infrastructure saw a 16% increase compared to the previous year. Globally, one in three companies reported dark web posts related to data sales or access.

Kaspersky Digital Footprint Intelligence experts observed an average of 1,731 posts on the dark web per month related to the sale, purchase and distribution of corporate internal databases and documents, totaling nearly 40,000 posts between January 2022 and November 2023. The resources tracked included dark web forums, blogs, and Telegram shadow channels.

Another category of data available on the dark web is access to corporate infrastructure that allows cybercriminals to purchase pre-existing access to a company, allowing attackers to streamline their efforts. According to Kaspersky's research, more than 6,000 messages on the dark web have advertised such offers from January 2022 to November 2023. Currently, cybercriminals are increasingly offering access, with the average number of corresponding monthly messages increasing by 16% from 246 in 2022 to 286 in 2023. While the number of messages may not seem high, it does not diminish the potential magnitude of the issue. With the looming threat of supply chain attacks next year, even breaches targeting smaller companies could escalate to affect many individuals and businesses worldwide.

To further strengthen enterprise security globally, Kaspersky Digital Footprint Intelligence experts tracked reports from 700 random companies related to corporate data compromised in 2022, providing insights into digital threats originating from the dark web.

The findings revealed that 233 organisations - one in three companies - reported dark web posts related to illegal data sharing. These reports related to specific issues such as data breaches, infrastructure access or compromised accounts.
More statistics on dark web discussions are presented on Securelist, while the Kaspersky Digital Footprint Intelligence website provides a comprehensive guide to handling leak-related incidents. 

To avoid threats related to data breaches, it is worth implementing the following security measures:

• Rapid detection and response to data breaches is essential. Those facing a crisis should start by verifying the source of the breach, cross-checking internal data and assessing the reliability of the information. Essentially, a company must gather evidence to confirm that the attack occurred and that data has been compromised.
• Continuous monitoring of the dark web allows for the identification of both fake and real breach-related posts, as well as monitoring spikes in malicious activity. Given the resource-intensive nature of dark web monitoring, external experts often take on this responsibility.
• It is beneficial to prepare a communications plan in advance to interact with customers, journalists and government agencies.
• Developing comprehensive incident response plans that include defined teams, communication channels and protocols allows for immediate and effective handling of such incidents when they occur.