Searchlight Cyber Alerts Energy Sector to Dark Web Threats

New threat intelligence report shows how cybercriminals routinely target energy companies on dark web forums

WASHINGTON & PORTSMOUTH, England--(BUSINESS WIRE)--Searchlight Cyber, the dark web intelligence company, today released its new report, Dark Web Threats Against the Energy Industry, which examines cybercriminals’ reconnaissance against energy companies on the dark web. The report analyzes threat actor activity against the energy sector over a 12-month period and provides guidance on how this dark web intelligence can be factored into threat models to help organizations improve their security posture.

Searchlight Cyber analysts detail numerous instances of threat actors selling initial access to energy organizations around the world, including targets in the USA, Canada, UK, France, Italy, and Indonesia, on popular dark web forums like Exploit, RaidForums, and BreachForums. The research also highlights threat actors discussing industrial control systems (ICS) and sharing tutorials, papers, and documents on ICS/SCADA, PLC, RTU, HMI, and other components of industrial systems.

The research also found:

  • The predominant activity observed is auctions for initial access to energy companies, which routinely take place on dark web forums.
  • Threat actors often use the terms “Start”, “Step” and “Blitz”, which indicate the start price, the increments of the bids, and a “buy-it-now” price (blitz) for initial access.
  • Most of these auction posts list the access type along with the country of the organization, its industry, and its revenue.
  • Several threat actors post multiple “auctions” impacting different organizations, suggesting that they are specialists in the initial access market.

Critically, the report explains how energy organizations monitoring the dark web can use this intelligence to spot when they are being targeted, and to prepare their defenses for the most likely types of attack based on the threats they observe against their peers. This “threat modeling” process involves identifying, categorizing, and prioritizing threats based on a hypothetical attacker’s point of view.

Commenting on the findings, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, said: “Energy companies are routinely discussed on dark web forums, with threat actors frequently auctioning initial access via remote software, VPNs, and stolen credentials for exploiting corporate infrastructure, Industrial Control Systems, and Operational Technology. The examples we highlight in this report are alarming but the intention of this research is to demonstrate to security professionals operating in this sector that they can use this intelligence to protect themselves, if they have access to it.

“With visibility into cybercriminal reconnaissance, energy companies can identify likely paths of attack, inform their defenses, and prioritize security measures that will help them cope with the most imminent threats. Dark web data gives companies an insight into the mindset and operations of cybercriminals, which is invaluable to any intelligence team.”

ENDS

About Searchlight Cyber

Searchlight Cyber provides organizations with relevant and actionable dark web intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks. To find out more visit slcyber.io or follow Searchlight Cyber on LinkedIn and Twitter.
