InTegriLogic Blog

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly more dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.

 

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

• Dark Web activity has increased by 300% in the last 3 years.
• Over 30% of North Americans access the dark web regularly.
• In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web
• More than 22 billion new records were added to the dark web in 2020
• Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job
• An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
• About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
• The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
• Hackers attack every 39 seconds, on average 2,244 times a day.
• 60% of the information available on the Dark Web could potentially harm enterprises.

 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games.

In a recent breakdown of activity in popular dark web forums, researchers noted:

• An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
• Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
• Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
• About 7% of forum posts were ads for hackers looking for work.
• 2% of forum posts were made by cybercriminal developers who were selling the tools

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly more dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.  

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

• Dark Web activity has increased by 300% in the last 3 years.
• Over 30% of North Americans access the dark web regularly.
• In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web
• More than 22 billion new records were added to the dark web in 2020
• Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job
• An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
• About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
• The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
• Hackers attack every 39 seconds, on average 2,244 times a day.
• 60% of the information available on the Dark Web could potentially harm enterprises.

 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games. In a recent breakdown of activity in popular dark web forums, researchers noted:

• An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
• Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
• Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
• About 7% of forum posts were ads for hackers looking for work.
• 2% of forum posts were made by cybercriminal developers who were selling the tools

The surge in cybercrimes against businesses during the COVID-19 pandemic proved how flexible cyber players are. Remember that it could happen to any organization, including yours, if you do not arm your business with robust backup and regular security awareness training.

It’s alarming that phishing shot up by 67% since the start of the pandemic. Initially, when this turn of events stunned the world and businesses struggled to adapt to the new normal, hackers pretending to be the World Health Organization (WHO) duped people into clicking on malicious links or sharing sensitive information. Such evil tricks, if not tackled, can easily violate your business network and lead to a terrible disaster, compromising invaluable data.

For instance, in November 2020, the Internal Revenue Services (IRS) issued a warning regarding an SMS-based phishing scam through which hackers cheated citizens in the name of a 'Covid-19 TREAS FUND'. When someone clicked on the link , they were redirected to a website identical to www.irs.gov which collected their data. This scam is just the tip of an iceberg of phishing scams that unfurled in 2020. What if one of your employees fell prey to such a scam? A careless mistake like that could result in a successful cyber attack on your business that can have severe repercussions. Data loss, downtime, hefty penalties, lawsuits or even permanent closure.

The sudden appearance of COVID-19 caused a sense of panic among businesses. With the virus spreading like wildfire, the work-from-home model was the only available option to maintain a safe working environment. However, the unprecedented scale of remote work has endangered the security of several businesses, including yours. If you do not fix the gap between the preparedness and efficacy of your backup and security defenses, data loss could just be the first of many problems you could face.

Why Backups and Security Awareness Training Matter?

Backups can be a lifesaver for your business by protecting your valuable data from being deleted or altered by cybercriminals. Although the pandemic acted as a catalyst for backup adoption, only 41% of businesses back up their data at least once a day. That is not a very healthy practice and you must make sure proper policy development, regular testing and continual reviews fuel your backup strategy.

Other than protecting your sensitive data, backups can help reduce severe downtime. They also improve your business’ reputation and act as a single access point for your entire database.

Even if you have all your backups in order, a negligent employee can still be a threat to your business data. In 2020, the San Jose Federal Court convicted an employee from a global MNC for carelessly deleting business-sensitive data. Thus, the only way to tackle the factor of human error is through regular security awareness training.

Always bear in mind that backups and security awareness training are equally important when it comes to your business successfully warding off cyberattacks that can result in downtime, data loss and more. Selecting one over the other can dilute your business’ counter-threat strategy. By implementing a robust backup and regular security awareness training, your business can deal with harsh times as well as cyberthreats that exploit such difficult periods.

Empower Your Business Now

If there’s one lesson the pandemic has taught businesses, it’s that it’s better to be safe than sorry. The business world is at a critical juncture and your proactive approach can make or break your business’ future. While a world without cybercriminals would be great, such a utopian world unfortunately does not exist. The only way forward is through the implementation of strategies to protect your business data, processes, systems and people. And for that, you must empower your business by integrating backups and comprehensive security awareness training.

Remember, you don’t have to take the first step to a safer tomorrow alone. The right partner by your side can make your journey easier and more successful. It all begins with a simple email to us. Get in touch today!

 
Article curated and used by permission.

Data Sources:

• Security Magazine Verizon Data Breach Digest
• Security Magazine
• Help Net Security Magazine
• Bloomberglaw.com

The surge in cybercrimes against businesses during the COVID-19 pandemic proved how flexible cyber players are. Remember that it could happen to any organization, including yours, if you do not arm your business with robust backup and regular security awareness training.

It’s alarming that phishing shot up by 67% since the start of the pandemic. Initially, when this turn of events stunned the world and businesses struggled to adapt to the new normal, hackers pretending to be the World Health Organization (WHO) duped people into clicking on malicious links or sharing sensitive information. Such evil tricks, if not tackled, can easily violate your business network and lead to a terrible disaster, compromising invaluable data.

For instance, in November 2020, the Internal Revenue Services (IRS) issued a warning regarding an SMS-based phishing scam through which hackers cheated citizens in the name of a 'Covid-19 TREAS FUND'. When someone clicked on the link , they were redirected to a website identical to www.irs.gov which collected their data. This scam is just the tip of an iceberg of phishing scams that unfurled in 2020. What if one of your employees fell prey to such a scam? A careless mistake like that could result in a successful cyber attack on your business that can have severe repercussions. Data loss, downtime, hefty penalties, lawsuits or even permanent closure.

The sudden appearance of COVID-19 caused a sense of panic among businesses. With the virus spreading like wildfire, the work-from-home model was the only available option to maintain a safe working environment. However, the unprecedented scale of remote work has endangered the security of several businesses, including yours. If you do not fix the gap between the preparedness and efficacy of your backup and security defenses, data loss could just be the first of many problems you could face.

Why Backups and Security Awareness Training Matter?

Backups can be a lifesaver for your business by protecting your valuable data from being deleted or altered by cybercriminals. Although the pandemic acted as a catalyst for backup adoption, only 41% of businesses back up their data at least once a day. That is not a very healthy practice and you must make sure proper policy development, regular testing and continual reviews fuel your backup strategy.

Other than protecting your sensitive data, backups can help reduce severe downtime. They also improve your business’ reputation and act as a single access point for your entire database.

Even if you have all your backups in order, a negligent employee can still be a threat to your business data. In 2020, the San Jose Federal Court convicted an employee from a global MNC for carelessly deleting business-sensitive data. Thus, the only way to tackle the factor of human error is through regular security awareness training.

Always bear in mind that backups and security awareness training are equally important when it comes to your business successfully warding off cyberattacks that can result in downtime, data loss and more. Selecting one over the other can dilute your business’ counter-threat strategy. By implementing a robust backup and regular security awareness training, your business can deal with harsh times as well as cyberthreats that exploit such difficult periods.

Empower Your Business Now

If there’s one lesson the pandemic has taught businesses, it’s that it’s better to be safe than sorry. The business world is at a critical juncture and your proactive approach can make or break your business’ future. While a world without cybercriminals would be great, such a utopian world unfortunately does not exist. The only way forward is through the implementation of strategies to protect your business data, processes, systems and people. And for that, you must empower your business by integrating backups and comprehensive security awareness training.

Remember, you don’t have to take the first step to a safer tomorrow alone. The right partner by your side can make your journey easier and more successful. It all begins with a simple email to us. Get in touch today!

  Article curated and used by permission. Data Sources:

• Security Magazine Verizon Data Breach Digest
• Security Magazine
• Help Net Security Magazine
• Bloomberglaw.com