• Databases dominate the information shared on Dark Web forums, making up 51.16% of posts. Access-related content, including sales and shares, follows at 29.65%, while website attacks like defacements and DDoS comprise 7.56% of posts.
• U.K. businesses face a majority of targeted cyberattacks, with 66.3% of incidents specifically aimed at U.K. organizations. The remaining 33.7% involve U.K. institutions due to shared systems, even though they are not the direct target.
• Threat actors targeting the U.K. are primarily selling stolen data and tools. Sales-related posts represent 58.14% of activity, while Sharing and Hack Announcements account for 30.23% and 11.05%, respectively.
• Retail is the most targeted industry in the U.K., with 14.29% of Dark Web posts related to it. The Finance and Insurance sector ranks second at 11.15%, followed by Electronic Shopping and Mail-Order Houses, also at 11.15%.
• SOCRadar’s research reveals a common usage of generic, non-sophisticated phishing pages. The presence of “-” titled pages indicates that threat actors are using less refined tactics for these attacks.

This report underscores the evolving nature of cyber threats in the U.K., particularly as geopolitical conflicts influence malicious activity. Understanding these trends can help organizations strengthen their defenses against increasingly targeted attacks. Download the Full Report to gain deeper insights into the cyber impact of the Russia-Ukraine war on the United Kingdom.