Unidentified attackers have apparently unlimited resources, which pressures security authorities to regularly evaluate every aspect of their security strategy. People, procedures and technology must all be examined to ensure that every important component is optimized for the struggle against current attacks. But a defensive effort alone, without a thorough understanding of cyber threats, won't stop data breaches.
Cyber threat intelligence (CTI) is a key component of a company's security program. When used appropriately, CTI keeps companies adequately informed for their security and business decisions, so they can take decisive action to safeguard their users, their data and their reputation.
The Dark Web is a concealed, undetectable sector of the Web that offers a fertile environment for international illicit operations. It is used not only to sell illegal substances and arms, but also to sell your stolen information and threats against your company and customers.
Dark Web monitoring lets you track your private business information on the Dark Web and receive online notifications about it. You control which information is tracked. If that material appears on the Dark Web, you get an alert immediately by e-mail. Detecting sensitive information on the Dark Web is critically important, especially nowadays.
SOCRadar analysts constantly monitor and analyze the Dark Web and publish a report with interesting statistics. The May 2021 edition is no different: it is full of useful information.
According to the study, 377 global threats were mentioned on the Dark Web in May. Using data from SOCRadar DarkMirror, the figure below shows the countries with the greatest number of Deep Web threats.
Figure 1 – The list of the countries that have the greatest number of Deep Web threats
The U.S. comes in first place, with 241 threats. One of the main reasons is that Russian hackers keep exploiting bugs in commonly used systems to exfiltrate sensitive data from American organizations. India and the UK follow the U.S.
Based on the study, the top Dark Web threat is the data breach. A data breach may involve personal health information (PHI), personally identifiable information (PII), trade secrets or other confidential information. In May, 50.1% of data leaks were customer data leaks, 17.7% were SQL dumps, 16.4% were sensitive data leaks, 13.7% were customer database leaks, 1.8% were employee data leaks and 0.2% were stealer log leaks. 36% of Dark Web posts shared data (mostly customer data) for free.
Ransomware is one of the biggest security challenges on the internet for organizations of all sizes, and it is heading in a more dangerous and harmful direction. Its costs are forecast to reach a record $20 billion by 2021. Security researchers predicted that in 2021 a ransomware attack would take place every 11 seconds.
SOCRadar analysts found that the most ransomware data on the Dark Web came from one of the most active ransomware gangs, called “Conti”.
Figure 2 – Top Ransomware Contributors
Access control (or authorization) restricts who (or what) may perform actions or access the resources they request. In the context of online applications, access control depends on authentication and session management. In May, admin panel access was one of the top access methods, followed by network access and RDP access.
Figure 3 – Top Access Methods
Government was at the top of the list of the most affected industries in May, with 10.39%. It is obvious that cyber warfare between countries never stops. E-commerce comes right after the government sector, with 9.81%. E-commerce security threats are causing havoc in online trading. The industry experiences up to 32.4% of all successful threats annually. Hackers usually target e-commerce store admins, users and employees using a myriad of malicious techniques.
What happened on the Dark Web in May?
SOCRadar analysts monitored the Dark Web constantly in May as well, detecting hundreds of cyber events and feeding them into SOCRadar DarkMirror. Here are a couple of examples:
- Moscow Voting Database is on Sale
On a hacker forum monitored by SOCRadar, a new alleged sale was detected of a database from an online voting project operating in Russia.
The constantly updated databases of subscribers of the "Smart Voting" project are on sale.
A database covering Moscow and the Moscow region is available.
The database contains the following fields: IP address, e-mail and the subscriber's place of permanent registration. On request, for an additional fee, a field with the registration date can be added to the database.
- Customer Database of Minecraft is on Sale
On a hacker forum monitored by SOCRadar, a new alleged database sale was detected for Minecraft.
- Vietnam Database is on Sale
On a hacker forum monitored by SOCRadar, a new alleged database sale was detected in Vietnam.