CAMPBELL, Calif.--(BUSINESS WIRE)--Bitglass, the Total Cloud Security company, today announced new research that shows how the Dark Web, the value of stolen data and cybercriminal behaviors have dramatically evolved in recent years. In 2015, Bitglass conducted the world’s first data tracking experiment to better understand how data is viewed and accessed on the Dark Web. Today, with the world becoming more digital and the increasing number of data breaches, the Bitglass Threat Research Group recreated this experiment and compared this year’s findings to those of six years ago and found the following:
Stolen Data Has a Wider Reach and Moves More Quickly
- Breach data received over 13,200 views in 2021 vs. 1,100 views in 2015 — a 1,100% increase.
- In 2015, it took 12 days to reach 1,100 link views — in 2021, it took less than 24 hours to surpass that milestone.
- Breach data was downloaded from entities across 5 different continents.
“We expect that the increasing volume of data breaches as well as more avenues for cybercriminals to monetize exfiltrated data has led to this increased interest and activity surrounding stolen data on the Dark Web,” said Mike Schuricht, leader of the Bitglass Threat Research Group.
Dark Web Activity Has Become Darker
- The number of anonymous viewers on the Dark Web in 2021 (93%) outnumber those in 2015 (67%).
- This year’s experiment indicates particular interest in retail and government data from anonymous viewers; 36% and 31%, respectively.
“Given increased efforts by law enforcement to track and prosecute cybercriminals, we expect malicious actors to continue to use anonymous VPNs and proxies when accessing breached data in attempts to evade law enforcement,” said Schuricht.
Cybercriminals are Particularly Interested in Retail and U.S. Government Data
- Of all of the types of data Bitglass researchers seeded on the Dark Web, data to access retail and U.S. Government networks received the most clicks, 37% and 32%, respectively.
“Gaining access to large retailers’ networks remains a top priority for many cybercriminals wishing to deploy ransomware and extort payouts from large and profitable organizations,” said Schuricht. “Similarly, interest in the U.S. Government information is likely either from state-sponsored hackers or independent hackers looking to sell this information to nation-states.”
Cybercriminals are Closer Than You Think
- Cybercriminals may be more of a “homegrown” threat than many believe, with downloads of the stolen data originating from the United States as the second-most frequent location. The top three were: Kenya, United States, and Romania.
“In comparing the results of this latest experiment to that of 2015, it is clear that data on the Dark Web is spreading farther, faster,” said Schuricht. “Not only that, but cybercriminals are getting better at covering their tracks and taking steps to evade law enforcement efforts to prosecute cybercrime. Unfortunately, organizations’ cybersecurity efforts to protect data have not kept pace, as evident by the continuous onslaught of headlines reporting on the latest data breaches. As we advised organizations six years ago, it is vital they use best practices and new technologies to protect their data.”
The Bitglass Threat Research Group created a fictional identity claiming to have a list of vetted login and password data originating from the RockYou2021 password compilation leak. Researchers posted in various Dark Web marketplaces also known as “pastebins” with links to faux files with credentials that would allow access inside organizations in retail, government, gaming and media. The files were embedded with Bitglass’ proprietary watermarking technology, which traced the data after users on the Dark Web accessed it. This allowed the Bitglass Threat Research Group to draw the curtain back on current Dark Web trends and reveal the value of stolen data in today’s world.
To access the full report with additional findings and ways that organizations can protect their data, visit here.
Bitglass’ Total Cloud Security Platform is the only secure access service edge offering that combines a Gartner-MQ-Leading cloud access security broker, the world’s only on-device secure web gateway, and zero trust network access to secure any interaction. Its Polyscale Architecture boasts an industry-leading uptime of 99.99% and delivers unrivaled performance and real-time scalability to any location in the world. Based in Silicon Valley with offices worldwide, the company is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.