Get The Latest Insights

By |

According to Forta’s Phishlabs, credit unions became the top targeted industry on the dark web in Q2, surpassing banking institutions for the first time since we began reporting on this data in 2021. Financial institutions as a whole experienced the vast majority of abuse, with compromised credit card data leading all threat types on the dark web.

Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting our clients. In this blog, we identify the most recent threats on the dark web and the industries they are targeting by analyzing a sample set of client data representative of the underground landscape. PhishLabs defines the dark web in this article as the part of the web that cannot easily be indexed, and generally requires some technical obstacles to access.

Dark Web Threats

Q2 Dark Web Threats

The variety of threats advertised on the dark web showcases the challenges organizations face when safeguarding their digital assets. In Q2, credit card data led all other threat types on the dark web, accounting for 61.5% of total volume. Card information is consistently in demand on underground channels, as this type of perpetually lucrative data has enduring appeal for cybercriminals. Credit card volume did decline slightly in share in Q2, dropping 2.6%.

Fraud tools remained the second most popular threat advertised on the dark web, representing just over 18% of total volume. This type of threat can take the form of instructional guides, overlay screens impersonating login pages, and phish kits.

Corporate credentials for sale made up over 13% of total threats. Gaining unauthorized access to corporate networks continues to drive a high volume of malicious exchanges, with cybercriminals showing a consistent interest in buying and selling corporate credentials.

Consumer credentials for sale and deposit fraud were also sought after, although less in Q2 than Q1. Consumer credentials made up 5.76% of volume and deposit fraud was observed just under 1.5% of the time.

Most Abused Industries

Industries Targeted on the Dark Web in Q2

In Q2, the financial industry as a whole remained the overwhelming focus of cybercriminals, making up more than 82% of total attack volume. Notably, for the first time since reporting on this dataset, credit unions were most targeted among all industries with 38% of share of volume, edging out historical leader banking by a slight margin. Credit unions have consistently been attractive targets for attack because of their perceived vulnerability. However, this is the first time that they have been more favored than any other industry. Banks made up 37.5% of total volume.

Other categories within the financial industry include financial services and payment services. Financial services were the third most targeted industry overall, with 5.1% of volume. Payment services placed in seventh with 1.8%.

Dating was the top targeted non-financial in Q2, with 3.3% of volume. Ecommerce followed close behind,despite a minor quarter-over-quarter decline. Ecommerce was victim to 2.8% of total abuse.

Remaining non-financial targets included:

  • Staffing & Recruiting 2.0%
  • Telecommunications 1.5%
  • Computer Software 1.3%

Where Stolen Data is Marketed

Q2 Dark Web Site Types

Understanding where compromised data is marketed provides vital insights into a cybercriminal’s playbook. In Q2, there were several fluctuations in where threatening behavior was conducted.

Cybercriminals used chat-based services to conduct suspicious activity more than any other dark web site-type after a nearly 18% increase in activity over Q1. Chat-based services represented just under 40% of all marketplace activity. This is the greatest share of volume for the category since Q2 of 2022.

Carding marketplaces moved from first place in Q1 to the second spot in Q2, with 28.8% of volume. Carding marketplaces and chat-based services have regularly alternated as the most used platform-type for malicious exchanges for the past two years.

Other spaces where threatening transactions occur include:

  • Forums 19.2% (+4.9%)
  • Account Marketplace 11.5% (-8.1%)
  • Traditional Marketplace 1.1% (+0.7%)
  • Paste Site 0.1% (+0.1%)

Detecting and countering dark web threats remains a formidable challenge for organizations. The lack of visibility into these spaces can leave sensitive information exposed and vulnerable to exploitation. In order to prevent attacks stemming from activity on the dark web, organizations should prioritize visibility into dark web spaces and monitor for suspicious activity that relates to their brand.

Learn how PhishLabs delivers visibility into Dark Web activity targeting organizations.