Learn about the critical threats that can affect your organization and the criminals behind them from Cybersixgill’s threat experts. Each story sheds light on the underground activity, the threat actors and why you should care, and what you can do to reduce your risk.
The deep and dark web, also known as the cybercriminal underground, is where criminals gather to share plans, sell goods or services, and recruit others to help with their illegal activities. Understanding how it functions and what information it offers is critical to proactively protecting your environment from attacks, as it is in these spaces that threat actors often reveal their intentions before launching an attack.
State of underground 2024
Our annual State of underground 2024 is an in-depth report that sheds light on the evolving underworld of cybercrime by examining the trends and behaviors observed on the deep dark web through 2023. Compiled by Cybersixgill’s cyber threat intelligence experts, this comprehensive analysis provides valuable insight into the tactics, techniques and technology used by threat actors around the world. Topics covered in the report include:
- Compromised credit card trends
- Physical products on the subway
- Messaging platforms and underground forums
- Initial access trends
- Malware and ransomware trends
The report concludes its analysis with a look at Cybersixgill’s predictions for 2023, assessing whether these predictions have come true (or not) and what impact they have had on the cybersecurity landscape.
Take a subway tour
Since the dark web is a hub for cybercriminals where they share tools, information and services, dark web threat intelligence is critical for companies as it offers an unbiased view of today’s cybercrime landscape and trends. Accessing deep web and dark web sources is difficult as they are not indexed and require exact URLs. These underground sites are constantly publishing data, from credit card information and data dumps to compromised endpoints, malware and drugs. Join Cybersixgill cyber threat intelligence analyst Michael-Angelo Zuma as he demonstrates how to access the dark web and offers a guided tour of this hidden world.
In the head of a hacker
If you’ve ever wondered what life is like as a threat actor in the cybercriminal underground, you’ll want to watch this webinar. In it, our experts provide a rare glimpse into the mind of a hacker and the tools they use to carry out malicious activities. Using the Cyber Kill Chain framework to map the stages of a successful cyber attack, the discussion delves into how hackers think, their methods of penetrating and exploiting networks, and their motivations for doing so.
Wholesale access markets: a breeding ground for ransomware
The first step in an active cyber attack is to gain initial access to gain a foothold in the network. This step is not easy, so many would-be attackers buy network access from skilled threat actors. There are two main types of access-as-a-service available in Metro: Initial Access Brokers (IABs) and Wholesale Access Markets (WAMs). IABs auction access to companies for hundreds to thousands of dollars, while WAMs sell access to compromised endpoints for around $10.
WAMs are like flea markets with low prices, huge inventory, and low quality (as listings can be owned by random individual users or enterprise endpoints). However, they can play a large role in how threat actors launch ransomware attacks. Our research provides an analysis of SaaS logins to WAM lists and describes how threat actors can attribute the list to an enterprise. In other words, WAM messages often list the resources to which the compromised endpoint is connected, which can reveal a major vulnerability for enterprises. Systems sold as part of enterprise software (such as Slack or Jira) are believed to belong to the organization whose name is often mentioned in the URL.
To learn more about cyber threat intelligence on Cybersixgill’s deep dark web, contact us to schedule a demonstration.