Get The Latest Insights

By Jessica Ellis | December 1, 2022

In Q3, Credit Unions nearly overtook National Banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs. Credit Unions have been increasingly targeted on underground channels, with Q3 2022 representing the highest incident count for the industry in four consecutive quarters.

Compromised data associated with Financial Institutions as a whole is consistently in high demand on the Dark Web. In Q3, Financial Institutions represented 75% of the information marketed on underground channels.

Every quarter, Fortra analyzes hundreds of thousands of attacks targeting enterprises and our clients. In this blog, we identify the most recent threats on the Dark Web and who they are targeting by analyzing a sample set of client data representative of the underground landscape. In this piece, the Dark Web is defined as the part of the web that cannot easily be indexed, and generally requires some technical obstacles to access.

Top Dark Web Threats

In Q3, Credit and Debit Card Fraud was the top threat to businesses on the Dark Web with nearly 65% of activity targeting stolen card data. The buying and selling of card data on underground markets did decrease slightly from Q2, yet consistently remains the top threat to businesses.

The exchange of Fraud Tools on the Dark Web was the second most common threat in Q3 after experiencing an increase of 14% of share. Fraud tools contributed to 19% of total Dark Web threat volume.

Consumer Credentials for Sale declined slightly, dropping to just under 11% of Dark Web activity in Q3. Corporate Credentials moved from the second spot to the fourth after declining 8.4% from Q2. Corporate Credentials represented 4.7% of volume.

Top Targeted Industries

Financial Institutions as a whole were targeted most on the Dark Web in Q3, with bad actors advertising data associated with these industries nearly three-quarters of the time. National/Regional Banks and Credit Unions represented a significant majority, taking the brunt of attacks within the financial services group.

National/Regional Banks represented the top spot among all industries, despite a 6.9% decline in abuse from Q2. Attacks on Credit Unions nearly overtook National/Regional Banks for the first time since PhishLabs’ reporting on this data, growing 2.7% in share to make up 33% of all attacks. This is the highest incident count Credit Unions have experienced in four consecutive quarters.

Similar to Q2, Financial Services were the only industry within the group in Q3 to see a decline in activity. Financial Services experienced 4.5% of attacks.

Telecoms & ISPs were abused 0.7% more in Q3, accounting for 8.7% of attacks and holding at the third spot for the second consecutive quarter. Other non-financials Ecommerce and Staffing & Recruiting also experienced increases, making up 6.1% and 2.5% of abuse, respectively.

Where Stolen Data is Marketed

In Q3, Chat-Based Services, Carding Marketplaces, and Credential Marketplaces displayed nearly identical volume, with each contributing to just over a quarter of all Dark Web activity. The exchange of stolen data on the Dark Web is extremely volatile, and marketplace activities often fluctuate as malicious sites gain the attention of government officials or authorities.

Carding Marketplaces specializing in the sale of account and card data tied Chat-Based Services for the top-used service in Q3, after increasing 6.5% from Q2. Though tied for the top percentage of share, threat actors moved away from Chat-Based Services, with activity dropping 16.5%. Both represented 28.6% of Dark Web activity.

Credential Marketplaces represented just over 6% of exchanges on the Dark Web, as activity increased 13% from Q2. Forums dropped 4.4%, totaling 14.3% of share of volume.

In Q3, enterprise data continues to be heavily targeted on the Dark Web. While the location of illegal activity continuously fluctuates, understanding what types of data are located on underground channels will help security teams identify compromised information pertaining to their brand. Fortra’s PhishLabs aids in the detection of malicious activity targeting brands, their employees, and their customers on the Dark Web to prevent damaging attacks.

Learn how Fortra’s PhishLabs can help your organization gain visibility into threats on the Dark Web and more, here.