Experts collected statistics on what data is stolen most often and how it ends up on the darknet.
In a world where every third business faces cybersecurity threats, the statistics of data leaks are alarming. A Kaspersky Lab study conducted in 2022-2023, covering 700 companies from various fields, including industry, telecommunications, finance and retail, showed that 223 of them were mentioned in dark markets in the context of data leaks.
Distribution of industries by darknet leaks (2022)
Kaspersky Lab focuses on three key threats: the sale of compromised accounts, internal databases and documents, and access to corporate infrastructures. According to Kaspersky Lab, about 1,700 messages appear on the darknet markets every month regarding the sale, distribution or purchase of data obtained as a result of leaks.
The study also shows that not every message represents a unique or relevant leak. Often these are repeated announcements about the same leaks, merging or splitting databases by country, as well as databases with public data, for example, from social networks. For example, in 2021, the personal data of more than 700 million LinkedIn users and 533 million Facebook users were stolen and published on the darknet.
One of the most popular types of data sold on the darknet is infrastructure access. In 2022, about 3,000 unique offers for the sale of this type of access were discovered, and by November 2023, their number exceeded 3,100. These accesses usually include accounts for a corporate VPN service and some servers or hosts on internal networks.
In addition, compromised accounts are an important category of data. Such data can be divided into three categories:
All three types of credential leaks pose a threat to companies because, despite bans, employees use corporate email addresses to register on third-party sites. In a typical scenario, employees use the same passwords for external services and corporate resources, which can help cybercriminals gain unauthorized access to corporate infrastructure.
It is worth noting that when a data leak is detected, there is no time to regret unrealized security measures. Rapid identification of threats and a competent incident response plan can neutralize the situation or at least reduce the damage. The article also provides guidance on responding to darknet-related incidents and an incident action plan.
In a world where every third business faces cybersecurity threats, the statistics of data leaks are alarming. A Kaspersky Lab study conducted in 2022-2023, covering 700 companies from various fields, including industry, telecommunications, finance and retail, showed that 223 of them were mentioned in dark markets in the context of data leaks.
Distribution of industries by darknet leaks (2022)
Kaspersky Lab focuses on three key threats: the sale of compromised accounts, internal databases and documents, and access to corporate infrastructures. According to Kaspersky Lab, about 1,700 messages appear on the darknet markets every month regarding the sale, distribution or purchase of data obtained as a result of leaks.
The study also shows that not every message represents a unique or relevant leak. Often these are repeated announcements about the same leaks, merging or splitting databases by country, as well as databases with public data, for example, from social networks. For example, in 2021, the personal data of more than 700 million LinkedIn users and 533 million Facebook users were stolen and published on the darknet.
One of the most popular types of data sold on the darknet is infrastructure access. In 2022, about 3,000 unique offers for the sale of this type of access were discovered, and by November 2023, their number exceeded 3,100. These accesses usually include accounts for a corporate VPN service and some servers or hosts on internal networks.
In addition, compromised accounts are an important category of data. Such data can be divided into three categories:
- public leaks that are freely distributed within the cybercrime community;
- restricted access leaks that are sold on hacker forums and in private chats. Sometimes these are just small databases containing unverified information that can even be generated;
- compromised user accounts obtained through malware
All three types of credential leaks pose a threat to companies because, despite bans, employees use corporate email addresses to register on third-party sites. In a typical scenario, employees use the same passwords for external services and corporate resources, which can help cybercriminals gain unauthorized access to corporate infrastructure.
It is worth noting that when a data leak is detected, there is no time to regret unrealized security measures. Rapid identification of threats and a competent incident response plan can neutralize the situation or at least reduce the damage. The article also provides guidance on responding to darknet-related incidents and an incident action plan.
