Data Breach Sales: What’s Trending on the Dark Web?

Financial, Retail, and Healthcare Sectors Among Hardest-Hit

Every year Flashpoint analyzes all of the activity that we observed in threat actor communities where the discussion centered on the sale and distribution of breached data. In our observations this year, we found that over 69% of all data breaches were concentrated within five industry sectors (see Figure 1): Financial Institutions (19%), Retail (17%), Healthcare (12%), Technology (12%), and Government (10%).

COVID-19 Cybercrime Disrupts Organizations Worldwide

Retail and healthcare industries were also badly battered by coronavirus-related threats. Retail cybersecurity teams dealt with the rapid transition of online sales, as threat actors sought to exploit misconfigurations, such as SQL injections and other web vulnerabilities. Meanwhile, hospitals, which were already stretched thin treating COVID-19 patients, were left exposed to increases in threat actor attempts to gain admin-level access to data and patient health information (PHI) to sell or use in their own extortion schemes.

Threat Actors Concentrate Data Breach Ads on Exploit and Raid Forums

Threat actors most frequently posted about or advertised data breaches on Exploit and Raid Forums (see Figure 2). Data breach advertisements on these forums typically promote sellers’ access to victim networks, offering information to prove the validity and value of the access offered.