New research released today by cloud security company Bitglass Inc. finds that stolen data on the dark web is being shared and accessed more quicker than ever.

Following up on a data tracking experiment in 2015, the researchers created a fictional identity claiming to have a list of vetted login and password data originating from the RockYou2021 password compilation leak. The Bitglass researchers posted the data on various marketplaces on the dark web, a shady corner of the internet reachable with special software, and pastebins with links to fake files with credentials that would allow access inside retail, government, gaming and media organizations.

The files were embedded with Bitglass’ watermarking technology, which traced the data after users on the dark web accessed it, allowing the Bitglass Threat Research Group to track its use.

The first major finding is that stolen data now has a broader reach and moves more quickly. The fake files received more than 13,200 views in 2021 versus 1,100 views in 2015, a 12-fold jump. In 2015, it took 12 days to reach 1,100 link views, while in 2021 it took less than 24 hours.

Dark web activity is described as having become even darker, with the number of anonymous viewers on the dark web in 2021 coming in at 93% compared with 67% in 2015. The experiment also indicated an interest in retail and government data from anonymous viewers, at 36% and 31% respectively.

Cybercriminals, in general, were found to be particularly interested in retail and U.S. government data, with data to access retail and U.S. government networks receiving the most clicks, 37% and 32%, respectively.

“Gaining access to large retailers’ networks remains a top priority for many cybercriminals wishing to deploy ransomware and extort payouts from large and profitable organizations,” noted Mike Schuricht, leader of the Bitglass Threat Research Group. “Similarly, interest in the U.S. government information is likely either from state-sponsored hackers or independent hackers looking to sell this information to nation-states.”

By country, the top three locations for downloads on the fake stolen data originated from Kenya, the U.S. and Romania.

“In comparing the results of this latest experiment to that of 2015, it is clear that data on the Dark Web is spreading further, faster,” Schuricht said. “Not only that, but cybercriminals are getting better at covering their tracks and taking steps to evade law enforcement efforts to prosecute cybercrime.”

Unfortunately, organizations’ cybersecurity efforts to protect data have not kept pace, as evident by the continuous onslaught of headlines reporting on the latest data breaches, Schuricht added. “As we advised organizations six years ago, it is vital they use best practices and new technologies to protect their data.”

Photo: Pikist