Companies and non-profits work hard to be good stewards of the sensitive data they collect from employees, customers, vendors, and external stakeholders. When those defenses are breached, and that security is compromised, companies are left feeling exposed and vulnerable – and the consequences can be devastating. Thinking about protected data as a commodity to be stolen, bought, and sold by threat actors makes that feeling of exposure so much worse.
Unfortunately, this scenario has become increasingly common, and the financial ramifications can be great. The global average total cost of a data breach in 2023 reached $4.45 million, a 15.3% increase from numbers reported in 2020†.
The first installment of this article series explored the ways in which cybercriminals exploit public-facing information to refine their attacks on individuals or companies. In this article, you’ll gain insight into what happens to your data once it is stolen and what you can do to help protect yourself, your employees, and your organization.
What is the dark web?
The majority of content on the internet can’t be found using your traditional search engine. Much of that unavailable content might be information behind a private search engine or paywall, or may require account login credentials. A smaller percentage, though, is illegal content that can only be accessed using special web browsers.
The deep web contains more than 90% of all online content‡. It’s private and not accessible using search engines. Examples of content here include electronic health records, emails, social media messages, and information behind a paywall.
The dark web goes a layer further and includes encrypted, illegal content that can be accessed anonymously by using special web browsers.
What is available on the dark web?
The dark web operates anonymously, providing a wide variety of services and content to its users, some circumventing or disregarding legality. While not all content on the dark web is explicitly illegal, the dark web is home to a thriving marketplace of stolen data, credentials, network access, and personal protected information (PPI).
- Stolen Personal Information: The dark web is a thriving marketplace for stolen personal information, including sensitive data such as social security numbers, driver's license details, and credit card information.
- Fraud Networks: Fraudsters can collaborate, share knowledge, and exchange stolen information to carry out fraudulent activities.
- Insider Threats & Data Leaks: Disgruntled employees or cybercriminals with access to sensitive information can sell it on the dark web. One recent example of this was at the end of 2022, when more than 400 million X accounts were put up for sale by cybercriminals on the dark web following a breach§.
- Cyber Threats and Ransomware: Cybercriminals leverage dark web marketplaces to buy and sell hacking tools, malware, and ransomware.
Accessing the dark web to purchase this information allows cybercriminals to outsource the tedious task of stealing credentials or working their way in themselves.
The same report found VPN and Remote Desktop Protocol (RDP) were the most common types of corporate network accesses advertisedⱢ.
What is stolen data worth on the dark web?
Cybercriminals wouldn’t go to the trouble of stealing, selling, or trading data if it wasn’t profitable. But just how much is that stolen data worth? Prices across the dark web are continuously monitored, and they fluctuate just like every market.
Here is a snapshot of the average price of stolen data on the dark webⱠ:
|Average Price in USD
|Stolen Online Banking Logins (minimum $2k in the account)
|Hacked Gmail Account
|LinkedIn Company Page with 1,000 Followers
|Cloned Credit Card with PIN (As of December 2022, an estimated 7.5 million credit cards were available on the Dark Web)
|Email Database Containing 10 Million U.S. Email Addresses
The Privacy Affairs website maintains a dark web price index. You can access it here to find additional prices for stolen data.
Did any of these prices surprise you? Demand for stolen credentials is high, as evident by the number of cyberattacks launched using stolen data. A 2023 Data Breach Investigations Report found stolen credentials were used in 31% of reported cybersecurity breaches††. Since demand is high, the relatively low cost of this information gives a hint into how much stolen data must be available. The sheer volume of data available to be purchased has driven costs down, which is supported by the findings from a 2022 survey of the threat landscape‡‡.
How can I help protect my company if our data is on the dark web?
Knowing if your information is on the dark web is a critical component of protecting yourself from threats. Leverage dark web or identity monitoring tools to help find leaked or stolen information that is being shared and sold among cybercriminals operating on the dark web.
- There are online data breach tools that allow you to determine if any passwords, usernames, or other account information has been exposed in data breaches. Checking these sites is often the first step in discovering if your credentials have been compromised.
- If an account of yours has been stolen or leaked, such as an email or social media account, identify which username and password was connected to it. Pay close attention to whether the compromised password is one you frequently reuse or iterate on (changing the numbers at the end, for example). Immediately change any passwords that might have been compromised.
- Determine whether the compromised account credentials (username or password) is connected to any other account. Threat actors can collect these credentials and target you through other associated accounts.
Other protective measures can include:
- Implement security scanning tools to detect and manage vulnerabilities and help lower the risk of network and equipment compromise.
- Enable enhanced authentication processes, such as multi-factor authentication (MFA) and enforce strong password practices within your company.
- Cybercriminals often target employees within an organization to carry out attacks. Deliver regular cybersecurity training to raise awareness of common tactics, including business email compromise (BEC), email phishing, and vishing and smishing.
Remaining vigilant against cyber threats and raising awareness of the risks with your company can help prevent costly data breaches. For more information on implementing best practices and security controls to increase cybersecurity defenses, reach out to your relationship manager or contact our team through the link below.