The Life Cycle of Deep Web Stolen Data

Personal and company data are always one click away from cybercriminals’ grasp. But once data has been stolen, where does it go, and what happens next? The answer is simple: the dark web. Deep web stolen data often ends up on the dark web, where it is sold, traded, and exploited, and where it powers the global cybercrime economy. In this post, we will explore the lifecycle of stolen data and how threat actors exploit leaked information.

The Lifecycle of Deep Web Stolen Data

The data is first obtained from somewhere. Most of it is obtained from the surface web and the deep web through hacks or breaches, though some cases involve insiders misusing their access. In the end, it reaches the dark web after passing through several hands. Here is the detailed journey of data from being stolen to being traded on dark web markets.

First: Data is Compromised

Data is stolen by multiple methods. Stealing it is the main objective for many threat actors and cybercriminal groups. Here are the methods by which data can be compromised.

  • Malicious software

Malware and trojans can hide within networks and devices, exfiltrate data, and evade detection.

  • Unauthorized Access

Account compromise is accomplished through brute force attacks, credential theft, phishing, or social engineering. A compromised account offers the keys to the kingdom, especially if organizations are not limiting account privileges or permissions.

  • Vulnerability Exploits

The explosion of SaaS apps has significantly increased the attack surface of any given organization, making vulnerability management a greater challenge. It means threat actors have an easier time exploiting known vulnerabilities to compromise organizations and their data.

Usually, threat actors encrypt the data, shutting a person or a company out of their own network or resources. But now, threat actor groups are threatening to leak and expose sensitive data, knowing it could lead to further reputational, legal, and financial damage.

This new method is largely why the rate and cost of ransomware have been steadily growing over the last decade. Once threat actors have their hands on data, they can make money with it. In many cases, the deep web stolen data goes to the dark web.

Second: Earn from Stolen Data on the Dark Web and Surface Web

Stolen data tends to filter down through communities; in the end, it lands in open forums or large dark web marketplaces. The data is traded in these places:

  • Traded between close contacts or sold to known customers.
  • Posted for sale in locked forums with high barriers to access.
  • Posted for sale in locked forums with lower barriers to access.
  • Posted for sale on multi-good dark web marketplaces like Elysium, Ares, and DrugHub.
  • Posted for free on forums.
  • Posted for free on paste sites.

In all these places, the stolen data is sold and resold, traded and re-traded, and repackaged many times.

How Dark Web Facilitates the Deep Web Stolen Data

The dark web is the hidden part of the internet where data is sold: personal data, credit card information, Social Security numbers, login credentials, government or military data, or bulk data from a company compromise. Threat actors go there to sell deep web stolen data, sell access to stolen data, or sell access to compromised accounts or companies.

Almost 70 percent of attacks result in payments, so access to a company can result in more attacks. With such a high payment rate, threat actors are highly motivated to monetize that access because it is an easy sell. How it is sold depends on what stolen data is on offer: it can be listed at a fixed market price or sold via an auction to the highest bidder. The dark web has evolved and become more efficient and frictionless to use, enabling transactions and further incentivizing data theft.

For instance, payment is not required to enter a darknet market, removing a barrier for anyone who wants to access the dark web from scratch. The rise of cryptocurrency on the dark web has also facilitated criminal activity because it makes it easier for individuals to cover their tracks, mask their activity, and stay anonymous.

However, some markets are shut down, and single-vendor marketplaces emerge in their place. The result is an increasingly decentralized crime world that is difficult for law enforcement agencies (LEAs) to track and shut down. Right now, law enforcement activity is at a low point, and combined marketplaces with authorized and reviewed vendors are starting to appear, making it even easier for purchasers to do business with trusted vendors.

These advancements make deep web stolen data even more profitable because it is easier to use dark web marketplaces, sell or access data, and stay away from law enforcement agencies. Furthermore, it has become so easy that even low-level scavenger hackers can flourish. They step in when data breaches are posted on public (non-dark web) hacker forums. That data is ultimately deleted, as GDPR takes down the stolen data. However, scavenger hackers can easily take that data for free and sell it on the dark web before it is taken down.

Sum Up

The dark web is continuously evolving into an active market for surface and deep web stolen data. Cybercriminals are also improving their strategies and increasing their reach. So you must stay informed and vigilant so your data is not breached.