Dark web market trends

January 2024 Information Security

Last year, Kaspersky experts witnessed a significant uptick in stealers and extortion activities on the dark web market. The company also anticipates new challenges, including a heightened presence of crypto-drainer services, increased promotion of fraudulent websites through search advertising, and a rise in malicious 'loaders'.

In the latest Kaspersky Security Bulletin (KSB), experts from the Global Research and Analysis Team and Kaspersky Digital Footprint Intelligence have compiled a comprehensive review of the past year and provided insights into emerging trends in the shadowy dark web market – a central hub for illicit services within the cybercriminal community.

2023 Highlights

Ransomware blog posts saw a surge: Ransomware actors typically create blogs for blackmailing companies, revealing new successful hacks of businesses or as a place to post stolen data. In 2022, there were around 386 monthly blog posts on public platforms and the dark web. In 2023, the average surged to 476, peaking in November (634 posts).

Personal and corporate credentials faced an escalating risk of leakage: The dark web market saw a rise in posts related to stealer malware, designed to pilfer sensitive information such as login credentials, financial details, and personal data. Cybercriminals sell this data to other malicious actors for identity theft, financial fraud, or other illicit activities.

Notably, posts offering Redline stealer logs, a popular malware family, tripled from an average of 370 per month in 2022 to 1200 in 2023. Overall, the volume of various malware log files, containing compromised user data and freely posted on the dark web, rose by almost 30% in 2023, compared to the previous year.

As Kaspersky looks ahead to 2024, several trends are expected to shape the landscape of dark web market:

Scammers will increasingly turn to search engine advertising to promote websites embedded with malware: Previously reliant on phishing emails, cybercriminals now employ Google and Bing ads to ensure their landing pages – embedded with malware – receive top positions in search results. Black traffic dealers are likely to escalate their sales activities in the underground market, and Kaspersky expects a continued rise in these deceptive practices.

Growing demand for crypto-drainer services: Crypto drainers, a category of malicious software engineered for the swift and automated withdrawal of funds from legitimate crypto wallets to malicious actors’ wallets, are gaining momentum among crypto scammers. Kaspersky forecasts a rise in demand for this kind of crypto-stealing malware, resulting in an increased prevalence of advertisements promoting its development and sale in the underground market. The sustained interest in cryptocurrencies, NFTs, and related digital assets is expected to fuel the proliferation of these drainers.

Apart from that, experts anticipate the following tendencies:

• The number of services providing AV evasion for malware (crypt) will increase.

• Loader malware services will continue to evolve.

• Bitcoin mixers and cleaning services will continue to evolve and exhibit dynamic market changes.

“Cybersecurity demands a proactive stance. Monitoring dark web market activities and trends is akin to peering into the enemy’s playbook, allowing early threat detection, understanding adversary tactics, and ensuring you are several steps ahead in terms of cyber defences. It is not just about protection; it is about mastering the evolving threat landscape to fortify against tomorrow’s risks and ensure the resilience of corporate security,” says Sergey Lozhkin, Principal Security Researcher, Global Research and Analysis Team (GReAT) at Kaspersky.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.

Surveillance and cybersecurity
Cathexis Technologies Information Security
Whether your business runs a security system with a handful of cameras or it is an enterprise company with thousands of cameras monitoring sites across a multinational organisation, you must pay attention to cybersecurity.

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.