Know Your Enemy: Leveraging the Dark Web to Strengthen Security

Virtual, underground marketplaces operating on the Dark Web generate billions of dollars worth of illegal business – from selling drugs to stolen credit card data, to intellectual property and more. Research shows that the volume of Dark Web users surged more than 40 percent in the early months of the pandemic and an estimated $100 million in COVID-related goods and services were offered for sale, from fake vaccines to the personally identifiable information (PII) that has been stolen through COVID-themed phishing attacks.

However, the Dark Web can also be used as an effective tool for legitimate cybersecurity researchers.

We spoke with Ziv Mador, Vice President of Security Research at Trustwave SpiderLabs, for this Q&A, which digs into how organizations can leverage the Dark Web’s secretive communities to glean valuable information that they can use to better protect their data and strengthen their security posture.


What kind of information can be found on the Dark Web and why is it valuable?

In closed forums, information is more valuable than drugs or illegal goods. It can serve as both the currency with which forum members pay their way into the community, as well as the merchandise being bought and sold. Once one has gained access to these closed forums by sharing nefarious information, it is easy to find ads selling large volumes of PII and other sensitive data such as bank account details, login credentials and full credit card numbers with CCVs – the latter of which can sell for as little as $20 per record. Some of the information being bought and sold on the Dark Web is intentionally timed to take advantage of current events and geo-political trends.

In addition to selling stolen or leaked consumer information, Dark Web forums also serve as a marketplace for buying and selling pre-packaged cyberthreats. Forum members can purchase malware, easy-to-use keyloggers and ransomware kits that come complete with detailed instructions on how to use them. Occasionally, new zero-day exploits can even be found for sale before they have been launched in the wild, though this is less common. Still other cybercriminals on the Dark Web will sell their expertise and skills as a service, offering up information on how to exploit a particular vulnerability or execute a certain attack technique. Some specialize in credential stealing, others in social engineering methods – such as impersonating a company’s IT department and pretending to “verify” access credentials or other sensitive information from unsuspecting remote workers.  

What are the security benefits to monitoring and collecting threat intelligence on the Dark Web?

By regularly monitoring the Dark Web, security professionals can gain valuable insights on emerging trends and specific threat intelligence they can use to improve their defensive techniques. They can leverage chatter on Dark Web forums as an early warning system, alerting them to new bots, viruses or malware that have appeared on the scene. This early warning gives security professionals time to harden their defenses and update their response playbooks, enabling them to mitigate the risk of the threat being used against their organization, or respond more quickly if an attack does occur.

Security professionals can also learn about new or emerging attack techniques that could be targeted at a particular vertical industry or sector. Individual organizations are rarely targeted, unless they have a particularly sought-after asset, but cybercriminals and hackers will often exploit vulnerabilities to target a particular industry. For example, knowing that healthcare systems have been overwhelmed during the pandemic, cybercriminals have actively increased their attacks targeting the industry and are sharing their techniques for executing ransomware attacks aimed at hospitals and healthcare providers. By monitoring the Dark Web, security professionals can stay ahead of the threats and better prepare their defenses.   

How can organizations start utilizing the Dark Web to bolster their security posture?

Because it can take years to earn reputation on the Dark Web – not to mention a unique talent for blending into these secretive communities while walking the fine line of not aiding criminal activity – enterprise security teams may find it most practical to turn to a trusted partner or managed security services provider that is already monitoring these forums. Whether done in-house or with the help of a partner, keeping an eye on the Dark Web can prove very beneficial for cybersecurity professionals by providing actionable threat intelligence that can give them an advantage over their adversaries. As the old saying goes, “Keep your friends close, and your enemies closer.”
