Please fill in the form below to subscribe to our blog

3 Reasons to Worry About the Dark Web

April 21, 2022

Yes, You Should Still be Nervous About Threats from the Dark Web 

Cyberattack danger is ramping up for organizations in every sector as the world grows more technology-dependent and interconnected. Shifting circumstances due to tumultuous world events are giving the bad guys golden opportunities to profit from cybercrime, and they’re not hesitating to act. Just like any other business, cybercrime outfits have been evolving their business models to maximize their growth opportunities and making adjustments to their strategies because of market fluctuations, industry innovation and world events. But unlike legitimate businesses, their market is the dark web, and their organization’s success always requires another organization’s failure. Although the dark web may not be as buzzed-about as it was a few years ago, the danger it presents to businesses hasn’t decreased.  

Excerpted in part from the new eBook The Dark Web Monitoring Buyer’s Guide for Businesses

Do you need best-in-class dark web monitoring? This checklist gives you the answer. GET CHECKLIST>>

Today’s Organizations Face a Dark Cybercrime Landscape 

The cradle of cybercrime, the dark web is where some of the nastiest existential threats to organizations get their start including ransomware, hacking and phishing. It’s also the marketplace that bad actors use to source assets for cyberattacks like credentials and malware. In a world of economic uncertainty, cybercrime is a sector that’s booming, and that isn’t good news for anyone but the bad guys. Take a look at a few compelling reasons why keeping an eye on potential risks emerging from the dark web is always a smart move. 

1. The Dark Web is Hopping 

Dark web activity has steadily grown in the last two years. While not everyone using the dark web is doing so for nefarious purposes, it’s safe to say that’s exactly what many dark web users are up to. Take a look at traffic patterns on The Onion Router (TOR), the most popular dark web browser.  


Where in the World Are Dark Web Users? 

Country   Mean daily users   % of Total 
Russia 35546 46.98 % 
United States 7128 9.42 % 
Germany 3372 4.46 % 
Iran  2639 3.49 % 
France  1925 2.54 % 
Netherlands 1864 2.46 % 
United Kingdom 1765 2.33 % 
China 1427 1.89 % 
Belarus 1342 1.77 % 
India  1331 1.76 % 


Security and compliance training pays amazing dividends. Get tips to run an effective program with our how-to guide! GET GUIDE>>

2. It’s Easy to Buy and Sell Credentials on the Dark Web 

Credentials are a hot commodity on the dark web. While most username and password pairs hit the market through data breaches, it pays for organizations to remember that bad actors don’t always come from outside. Malicious insider actions like selling credentials result in an estimated 25% of data breaches. The more privileged a user credential, the more damage it can cause in the wrong hands. Highly privileged or super malicious insiders know the capabilities of their employer’s security measures and security team and how to manipulate or bypass automated and software-based security measures to avoid detection. The super malicious insider accounted for 32% of malicious insider incidents investigated in 2021. Data volume transacted on the dark web grew in 2021. Keeping an eye out for users selling their credentials in the booming dark web markets is a power move for reducing risk. 

  • An average legitimate corporate network credential sells for around $3,000.  
  • Legitimate privileged user credentials can go for as much as $120,000.   

See the top 5 risks businesses face from nation-state cybercrime and how to stay out of trouble. GET LIST>>

How Much Does Information Sell for On the Dark Web? 

It is incredibly easy and affordable for bad actors to get their hands on sensitive information that enables them to conduct effective cyberattacks, steal identities and carry out other criminal operations. Just like any other marketplace, prices on the dark web for things like data, malware or hacking services are constantly in flux. This snapshot offers an idea of what services and commodities sell for on the dark web and how those prices fluctuate. 

Credit card details, account balance up to $5,000$120
Stolen online banking login, minimum 2,000 on account$65
Cashapp verified account$800 
PayPal transfers from stolen account, $100-$1,000 balance$15 
Hacked Coinbase verified account $120 
Hacked Uber account$15 
Minnesota driver’s license$150 
French Passport$3800 
Malware, Premium quality, per 1,000 installs $5500
DDoS attack, Unprotected website, 10-50k requests per second, 24 hours$45 

Source: Privacy Affairs 

Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>

3. Dark Web Credential Exposure is a Gateway to Disaster 

User credentials are the key that unlocks the door to an organization’s systems and data, making credential compromise a fast path to a data breach or worse. An estimated 60% of data breaches involved the improper use of credentials in 2021. Unfortunately, it’s far too easy for bad actors to get their hands on credentials. An estimated 15 billion unique logins are circulating on the dark web right now, and the average organization is now likely to have 17 sets of login details exposed on the dark web. Even credentials belonging to 133,927 C-level Fortune 1000 executives are accessible in dark web markets. 

One big reason why it pays to maintain awareness of potential credential exposure on the dark web is that the risk just keeps growing. There has been a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web since 2020. Adding fuel to the fire, people just will not stop reusing and recycling passwords, frequently reusing the same ones between their business and personal accounts.  A whopping 82% of workers admitted sometimes reusing the same passwords and credentials. That propensity to reuse passwords increases credential compromise risk for their employers, because every reuse is an opportunity for that password to become compromised. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused. 

The 20 Most Common Passwords Found on the Dark Web  

  • 123456  
  • 123456789  
  • Qwerty  
  • Password  
  • 12345  
  • 12345678  
  • 111111  
  • 1234567  
  • 123123  
  • Qwerty123  
  • 1q2w3e  
  • 1234567890 
  • 000000 
  • Abc123  
  • 654321  
  • 123321  
  • Qwertyuiop  
  • Iloveyou  
  • 666666 

Source: CNBC 

Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>

Protection from Credential Compromise Surprises is Essential 

Dark web monitoring with the award-winning Dark Web ID helps organizations find and fix credential compromises before the bad guys have a chance to strike.  

  • 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses 
  • Uncover compromised credentials in Dark Web markets, data dumps and other sources, and get fast alerts to new ones 
  • An easy-to-use, automated monitoring platform that deploys in minutes and gets to work immediately, with SaaS or API options available 

Schedule your demo of Dark Web ID today. BOOK IT>> 

Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!