Kaspersky’s latest Security Bulletin highlights a surge in ransomware blog posts and an escalating risk of personal and corporate credential leakage on the dark web in 2023. Anticipated trends for 2024 include cybercriminals turning to search engine advertising for malicious websites and a growing demand for crypto-drainer services.
19 January 2024 – Leading cybersecurity firm, Kaspersky, has released a comprehensive report detailing the evolving landscape of cyber threats based on its observations of the dark web market in 2023. Notable highlights include a surge in ransomware blog posts, escalating risks of personal and corporate credential leakage, and anticipated trends for 2024, such as increased use of search engine advertising for malicious websites and a growing demand for crypto-drainer services.
In the recently published Kaspersky Security Bulletin (KSB), experts from the Global Research and Analysis Team (GReAT) and Kaspersky Digital Footprint Intelligence present a thorough review of the past year’s dark web activities, shedding light on emerging trends in the cybercriminal community. The report reveals a noteworthy increase in ransomware blog posts, with the monthly average rising from 386 in 2022 to 476 in 2023, reaching a peak of 634 posts in November. This surge underscores the evolving tactics employed by ransomware actors, utilizing blogs for purposes such as blackmailing companies and showcasing successful hacks or stolen data.
Furthermore, the dark web market experienced a heightened risk of personal and corporate credential leakage, driven by the proliferation of stealer malware. Notably, posts offering Redline stealer logs, a popular malware family, tripled from an average of 370 per month in 2022 to 1,200 in 2023. The overall volume of various malware log files, containing compromised user data, posted freely on the dark web, rose by almost 30% in 2023 compared to the previous year.
Looking ahead to 2024, Kaspersky anticipates several trends shaping the dark web landscape. Cybercriminals are expected to increasingly turn to search engine advertising to promote websites embedded with malware, moving away from traditional phishing emails. Additionally, the report foresees a growing demand for crypto-drainer services, a type of malicious software designed to swiftly and automatically withdraw funds from legitimate crypto wallets to malicious actors’ wallets.
Experts also predict an increase in services providing anti-virus (AV) evasion for malware, the continued evolution of “Loader” malware services, and dynamic changes in the market for Bitcoin mixers and cleaning services.
Sergey Lozhkin, Principal Security Researcher at GReAT, emphasizes the importance of a proactive cybersecurity stance, stating, “Monitoring dark web market activities and trends is akin to peering into the enemy’s playbook, allowing early threat detection, understanding adversary tactics, and ensuring you’re several steps ahead in terms of cyber defenses.”