Learn from Cybersixgill’s threat experts about the critical threats that could impact your organization and the bad actors behind them. Each story reveals the underground activity, the threat actors involved, why you should care, and what you can do to mitigate the risks.
The Deep Web and Dark Web, also known as the cybercriminal underworld, are where malicious actors congregate to exchange plans, sell goods and services, and recruit others to collaborate in their illegal activities. It is often in these spaces that threat actors reveal their intentions before launching an attack, so understanding how it works and what information it provides is important to proactively protect your environment from attacks.
Current state of the underground in 2024
Our annual Underground situation in 2024 is an in-depth report that sheds light on the evolving cybercrime underworld and explores the trends and behaviors observed in the depths of the dark web in 2023. Compiled by Cybersixgill’s cyber threat intelligence experts, this comprehensive analysis provides valuable insights into the tactics, techniques and technologies used by threat actors around the world. Topics covered in the report include:
- Trends in fraudulent credit cards
- Underground physical products
- Messaging platforms and underground forums
- Early Access Trends
- Malware and Ransomware Trends
The report concludes its analysis by looking back at Cybersixgill’s predictions for 2023 and assessing whether those predictions came true (or not) and how they impacted the cybersecurity landscape.
Click here for more information
Take a guided tour underground
Since the dark web is a hub where cybercriminals exchange tools, information, and services, dark web threat intelligence is crucial for businesses as it provides an uncensored view of the current cybercrime landscape and trends. Deep and dark web sources are difficult to access as they are not indexed and require an exact URL. Data is constantly being posted to these underground sites, ranging from credit card information and data dumps to compromised endpoints, malicious programs, and narcotics. Michael-Angelo Zummo, Cyber Threat Intelligence Analyst at Cybersixgill, explains how to access the dark web and guides us through this hidden world.
Click here to watch
Inside the Mind of a Hacker
If you’ve ever wondered what life is like for a threat actor in the cybercrime underground, this webinar is for you! In this webinar, our experts will provide a rare look into how a hacker thinks and the tools they use to carry out their malicious activities. Using the Cyber Kill Chain framework, we’ll map the stages of a successful cyber attack and delve into how hackers think, how they infiltrate and exploit networks, and what motivates them.
Click here for details
Wholesale access market: a ransomware victim
The first stage of an active cyber attack is to gain initial access to gain a foothold in a network. Because this step is difficult, many attackers purchase network access from experienced threat actors. Two main types of access services are available in the underground: Initial Access Brokers (IABs) and Wholesale Access Markets (WAMs). IABs auction access to companies for hundreds to thousands of dollars, while WAMs sell access to compromised endpoints for around $10.
WAMs are like a flea market with low prices, huge inventory, and low quality (as the listings could belong to random individual users or enterprise endpoints). Yet, they can play a big role in how threat actors launch ransomware attacks. Our research provides an analysis of SaaS logins in WAM listings and explains how threat actors can link the listings to enterprises. In other words, WAM postings often list resources that have compromised endpoints connected to them, potentially revealing major vulnerabilities for enterprises. Systems for sale that log onto enterprise software (e.g., Slack or Jira) likely belong to organizations whose names are frequently mentioned in the URL.
Click here for details
To learn more about Cybersixgill’s deep dark web cyber threat intelligence, contact us and schedule a demo.