Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground

Dark Cybercriminal Underground

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.

The deep and dark web, otherwise known as the cybercriminal underground, is where malicious actors gather to exchange plans, sell goods or services, and recruit others to help in their illicit activities. Grasping how it functions and the intelligence it offers is crucial for proactively safeguarding your environment against attacks, as it is in these spaces that threat actors frequently reveal their intentions prior to launching an attack.

The State of the Underground 2024

Our annual State of the Underground 2024 is a detailed report that sheds light on the evolving underworld of cybercrime, exploring trends and behaviors observed within the deep, dark web during 2023. This comprehensive analysis, compiled by Cybersixgill’s cyber threat intelligence experts, provides valuable insights into the tactics, techniques, and technologies employed by threat actors worldwide. Topics addressed in the report include:

  • Compromised credit card trends
  • Physical products on the underground
  • Messaging platforms and underground forums
  • Initial access trends
  • Malware and ransomware trends

The report completes its analysis with a look back at Cybersixgill’s 2023 predictions, assessing whether those predictions came true (or not) and the impact they had on the cybersecurity landscape.

Click here to learn more

Take a guided tour of the underground

Because the dark web is a hub for cybercriminals to exchange tools, information, and services, dark web threat intelligence is crucial for companies, as it offers an uncensored view into the current cybercrime landscape and trends. Accessing deep and dark web sources is challenging since they are not indexed and require exact URLs. These underground sites constantly post data, from credit card information and data dumps to compromised endpoints, malicious programs, and narcotics. Join Cybersixgill’s Cyber Threat Intelligence Analyst Michael-Angelo Zummo as he demonstrates how to access the dark web and provides a tour of this hidden world.

Click here to watch

Inside the mind of a hacker

If you’ve ever wondered what life as a threat actor on the cybercriminal underground is like, you’ll want to watch this webinar. In it, our experts provide a rare glimpse into the mind of a hacker and the tools they use to undertake malicious activities. Using the Cyber Kill Chain framework to map the stages of successful cyber attacks, the discussion delves into how hackers think, their methods for infiltrating and exploiting networks, and their motivations for doing so.

Discover more here

Wholesale Access Markets: a feeding ground for ransomware

The first stage of an active cyberattack is gaining initial access to establish a foothold within a network. This step is challenging, so many aspiring attackers buy network access from skilled threat actors. There are two main types of access-as-a-service available on the underground: initial access brokers (IABs) and wholesale access markets (WAMs). IABs auction access to companies for hundreds to thousands of dollars, while WAMs sell access to compromised endpoints for about $10.

WAMs are like flea markets with low prices, a vast inventory, and poor quality (since listings could belong to random individual users or enterprise endpoints). Still, they can play a big role in how threat actors launch ransomware attacks. Our research provides an analysis of SaaS logins in WAM listings and describes how threat actors might attribute the listing to an enterprise. In other words, WAM posts often list the resources into which the compromised endpoint is connected, which can reveal a major vulnerability for enterprises. For-sale systems that are logged onto enterprise software (for example, Slack or Jira) presumably belong to the organization whose name is often mentioned in the URL.

Read more here

To learn more about Cybersixgill’s deep, dark web cyber threat intelligence, contact us to schedule a demo.



Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.