Business, Security

Demand for corporate data on the dark web growing at alarming rate

Brendyn Lotz

9th January 2024

Kaspersky has noticed a 16 percent increase in the amount of corporate data for sale on the dark web.
While some of the data is unique, there are many posts which aggregate data from a range of breaches into one “combolist”.
With it taking up to 207 days for a breach to be detected, cybercriminals could steal data and sell it before a company even knows it has been breached.

Rather than breaching a company and compromising it, cybercriminals are increasingly stealing data from companies and selling this data to other nefarious individuals.

Over the last two years, Kaspersky has found 40 000 dark web posts claiming to be selling data stolen from companies in cyberattacks. However, in 2023 this figure grew 16 percent compared to the two years prior.

Over the last year, Kaspersky Digital Footprint experts saw an average of 1 731 dark web messages about the sale, purchase, and distribution of stolen data. While some of the data for sale is legitimate, cybercriminals are taking chances.

Kaspersky notes that often, cybercriminals will repackage data gleaned from older breaches in what are dubbed combolists.

“Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers. Moreover, certain databases might be combined and presented as new. For instance, there are ‘combolists’ – databases that aggregate information from various previously leaked databases, such as passwords for a specific email address,” explains Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence.

With this in mind, it’s vital that companies keep an eye on the dark web and monitor it for signs that confidential information has been leaked. Many cybersecurity firms – Kaspersky included – offer dark web monitoring as a service and it’s well worth investing in such a service.

This sort of service is especially important when one considers that the time it takes to detect a breach increased from 197 days in 2018 to 207 days in 2019. In that time a cybercriminal could hoover up your firm’s data, sell it to the highest bidder and then repackage it a few months later in a combolist before the company even knows it has been breached.

Of course, strong security policies can help mitigate some of the damage done in the event of an attack. Conduct regular training and assessments of the perimeter, be aware of the threats that lurk online and don’t think you’re immune to an attack. Cybercriminals are a crafty bunch and being able to fill out a combolist with details gleaned from a smaller company help them fetch higher prices.

[Image – Pete Linforth from Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.