3 Reasons to Worry About the Dark Web
Yes, You Should Still be Nervous About Threats from the Dark Web
Cyberattack danger is ramping up for organizations in every sector as the world grows more technology-dependent and interconnected. Shifting circumstances due to tumultuous world events are giving the bad guys golden opportunities to profit from cybercrime, and they’re not hesitating to act. Just like any other business, cybercrime outfits have been evolving their business models to maximize their growth opportunities and making adjustments to their strategies because of market fluctuations, industry innovation and world events. But unlike legitimate businesses, their market is the dark web, and their organization’s success always requires another organization’s failure. Although the dark web may not be as buzzed-about as it was a few years ago, the danger it presents to businesses hasn’t decreased.
Excerpted in part from the new eBook The Dark Web Monitoring Buyer’s Guide for Businesses
Do you need best-in-class dark web monitoring? This checklist gives you the answer. GET CHECKLIST>>
Today’s Organizations Face a Dark Cybercrime Landscape
The cradle of cybercrime, the dark web is where some of the nastiest existential threats to organizations get their start including ransomware, hacking and phishing. It’s also the marketplace that bad actors use to source assets for cyberattacks like credentials and malware. In a world of economic uncertainty, cybercrime is a sector that’s booming, and that isn’t good news for anyone but the bad guys. Take a look at a few compelling reasons why keeping an eye on potential risks emerging from the dark web is always a smart move.
1. The Dark Web is Hopping
Dark web activity has steadily grown in the last two years. While not everyone using the dark web is doing so for nefarious purposes, it’s safe to say that’s exactly what many dark web users are up to. Take a look at traffic patterns on The Onion Router (TOR), the most popular dark web browser.
TOR…
- Counts about 3 million active users daily.
- Had about 1.5 million daily active users in January 2020
- Hosts an estimated 30,000 dark web websites
Where in the World Are Dark Web Users?
| Country | Mean daily users | % of Total |
| Russia | 35546 | 46.98 % |
| United States | 7128 | 9.42 % |
| Germany | 3372 | 4.46 % |
| Iran | 2639 | 3.49 % |
| France | 1925 | 2.54 % |
| Netherlands | 1864 | 2.46 % |
| United Kingdom | 1765 | 2.33 % |
| China | 1427 | 1.89 % |
| Belarus | 1342 | 1.77 % |
| India | 1331 | 1.76 % |
Source: https://metrics.torproject.org/userstats-bridge-table.html
Security and compliance training pays amazing dividends. Get tips to run an effective program with our how-to guide! GET GUIDE>>
2. It’s Easy to Buy and Sell Credentials on the Dark Web
Credentials are a hot commodity on the dark web. While most username and password pairs hit the market through data breaches, it pays for organizations to remember that bad actors don’t always come from outside. Malicious insider actions like selling credentials result in an estimated 25% of data breaches. The more privileged a user credential, the more damage it can cause in the wrong hands. Highly privileged or super malicious insiders know the capabilities of their employer’s security measures and security team and how to manipulate or bypass automated and software-based security measures to avoid detection. The super malicious insider accounted for 32% of malicious insider incidents investigated in 2021. Data volume transacted on the dark web grew in 2021. Keeping an eye out for users selling their credentials in the booming dark web markets is a power move for reducing risk.
- An average legitimate corporate network credential sells for around $3,000.
- Legitimate privileged user credentials can go for as much as $120,000.
How Much Does Information Sell for On the Dark Web?
It is incredibly easy and affordable for bad actors to get their hands on sensitive information that enables them to conduct effective cyberattacks, steal identities and carry out other criminal operations. Just like any other marketplace, prices on the dark web for things like data, malware or hacking services are constantly in flux. This snapshot offers an idea of what services and commodities sell for on the dark web and how those prices fluctuate.
| Credit card details, account balance up to $5,000 | $120 |
| Stolen online banking login, minimum 2,000 on account | $65 |
| Cashapp verified account | $800 |
| PayPal transfers from stolen account, $100-$1,000 balance | $15 |
| Hacked Coinbase verified account | $120 |
| Hacked Uber account | $15 |
| Minnesota driver’s license | $150 |
| French Passport | $3800 |
| Malware, Premium quality, per 1,000 installs | $5500 |
| DDoS attack, Unprotected website, 10-50k requests per second, 24 hours | $45 |
Source: Privacy Affairs
Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>
3. Dark Web Credential Exposure is a Gateway to Disaster
User credentials are the key that unlocks the door to an organization’s systems and data, making credential compromise a fast path to a data breach or worse. An estimated 60% of data breaches involved the improper use of credentials in 2021. Unfortunately, it’s far too easy for bad actors to get their hands on credentials. An estimated 15 billion unique logins are circulating on the dark web right now, and the average organization is now likely to have 17 sets of login details exposed on the dark web. Even credentials belonging to 133,927 C-level Fortune 1000 executives are accessible in dark web markets.
One big reason why it pays to maintain awareness of potential credential exposure on the dark web is that the risk just keeps growing. There has been a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web since 2020. Adding fuel to the fire, people just will not stop reusing and recycling passwords, frequently reusing the same ones between their business and personal accounts. A whopping 82% of workers admitted sometimes reusing the same passwords and credentials. That propensity to reuse passwords increases credential compromise risk for their employers, because every reuse is an opportunity for that password to become compromised. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused.
The 20 Most Common Passwords Found on the Dark Web
- 123456
- 123456789
- Qwerty
- Password
- 12345
- 12345678
- 111111
- 1234567
- 123123
- Qwerty123
- 1q2w3e
- 1234567890
- 000000
- DEFAULT
- Abc123
- 654321
- 123321
- Qwertyuiop
- Iloveyou
- 666666
Source: CNBC
Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>
Protection from Credential Compromise Surprises is Essential
Dark web monitoring with the award-winning Dark Web ID helps organizations find and fix credential compromises before the bad guys have a chance to strike.
- 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses
- Uncover compromised credentials in Dark Web markets, data dumps and other sources, and get fast alerts to new ones
- An easy-to-use, automated monitoring platform that deploys in minutes and gets to work immediately, with SaaS or API options available
Schedule your demo of Dark Web ID today. BOOK IT>>
Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!