Financial crime on the dark web on the rise, reveals new report

in ,

BY Fraser Tennant

Cyber criminals are increasingly and persistently targeting the financial services sector, particularly banking institutions, using the dark web, according to a new report by Searchlight Cyber.

In ‘Dark Web Threats Against the Banking Sector’, the dark web intelligence company outlines the tactics cyber criminal are using against banking institutions, highlighting the most prominent threats visible on the dark web.

According to the report, the most prominent threat is initial access broker posts which sees threat actors sell vulnerabilities such as remote network access, web shells, remote code execution and SQL injection (a cyber attack that injects malicious SQL code into an application allowing the attacker to view or modify a database) on dark web forums for other cyber criminals, including ransomware operators, to exploit.

“We have observed threat actors that are known to be associated with ransomware groups interacting with initial access broker posts in this report,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “Knowledge is power, and identifying vulnerabilities being sold before the ransomware operator is able to successfully breach their organisation would be a huge win for defenders.”

Additional threats noted in the report include insider threats, where employees proactively advertise their ability to undermine the security of their organisation, as well as cyber criminals trying to recruit employees at banks, and threats against banks’ supply chains, which sees criminals identify the banks that can be impacted in posts targeting their suppliers.

The report also explains how such dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations and gathering intelligence on the tactics of specific cyber criminals.

“While a lot of the cyber criminal activity described in this report sounds alarming, the point of this research is not to scare banks,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “In fact, it is to demonstrate the opportunity that the dark web provides to identify threats earlier. Banks are always going to be a target for threat actors, but monitoring the dark web allows them a chance to spot criminal activity in the ‘pre-attack’ or planning stage and gives security teams valuable time to adjust their defences.”

Report: Dark Web Threats Against the Banking Sector

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.