In Q1, Credit Unions nearly surpassed Banking Institutions as the top targeted industry on the dark web. Just under 36% of stolen card data on dark web platforms was linked to Credit Unions, marking the fourth consecutive quarter the industry has seen an increase in malicious activity.
Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting enterprises and our clients. In this blog, we identify the most recent threats on the dark web and who they are targeting by analyzing a sample set of client data representative of the underground landscape. PhishLabs defines the dark web in this article as the part of the web that cannot easily be indexed and that generally requires overcoming some technical obstacles to access.
Top Dark Web Threats
Q1 Dark Web Threats
Stolen Credit and Debit Card Data was the top threat to organizations in Q1, despite a decrease of 4.47% in activity from Q4. Card data consistently makes up the greatest volume of threats on the dark web, despite minor fluctuations in activity. In Q1, Credit and Debit Card Data accounted for 64.07% of all recorded threats.
The distribution of Fraud Tools also experienced a decline in Q1, with cybercriminals devoting 16.88% of their time advertising and exchanging malicious resources such as phish kits.
Corporate Credentials for Sale increased for the second consecutive quarter, growing nearly one percent over Q4. Corporate Credentials represented 7.54% of dark web threats. Consumer Credentials for Sale also grew in Q1, making up a 6.88% share of total volume.
Deposit Fraud increased in Q1, with 4.64% of share of volume.
Top Targeted Industries
Q1 Top Targeted Industries
Banks and Credit Unions were the top targeted industries on the dark web in Q1. While Banks made up 36.2% of share of total volume, dark web incidents targeting Credit Unions increased for the fourth consecutive quarter, nearly closing the gap between the two. Stolen card data associated with Credit Unions is considered valuable to cybercriminals, who have traditionally viewed these institutions as lacking the security resources to detect where compromised credentials may live.
Ecommerce jumped from the fifth most targeted to the third in Q1, after a 0.6% increase in dark web activity. Ecommerce represented just over 4% of abuse. The Telecommunications industry also jumped two spots after a similar spike, contributing 3.5% of share of volume.
Other Financial Services rounded out the top five industries most abused despite experiencing a decrease of 3%. This is the largest decline of all industries in Q1.
Other top industries affected:
- Dating 3.05% (+3.05%)
- Computer Software 2.69% (-1.66%)
- Staffing & Recruiting 2.46% (+0.55%)
- Payment Services 1.65% (+1.65%)
Where Stolen Data is Marketed
Where Compromised Data is Marketed in Q1
Where malicious transactions occur on the dark web is subject to frequent change. Cybercriminals seek to avoid attention from authorities, and will often conduct exchanges where suspicious activity will attract the least attention. Because of this, detecting compromised data is challenging for organizations.
In Q1, the majority of malicious activity took place on Carding Marketplaces, with more than 44% of share of volume. This is the second consecutive quarter Carding Marketplaces have claimed the top spot.
Chat-Based Services were the second most popular, representing 21% of malicious exchanges. Both Chat-Based Services and Carding Marketplaces experienced slight declines in share of volume.
Account Marketplaces saw an increase of 2% in Q1, nearly tying Chat-Based Services with just under 20% of share of volume. Activity on Forums also grew, representing 14.26% of activity.
The popularity of Traditional Marketplaces declined in Q1, with less than a percent of share of activity occurring in these spaces.
Detecting relevant threats on the dark web is challenging, and a lack of visibility into underground spaces can leave sensitive information exposed. While compromised information is a threat in itself, cybercriminals can also use stolen data to spin up additional attacks, causing further damage to vulnerable organizations. In order to protect against dark web threats, security teams should understand the types of threats that pertain to their organization, the platforms they may live on, and continuously monitor for suspicious activity.