Cybercriminal activity on the dark web surged in 2024, with significant growth in discussions around crypto-drainer malware and advertisements for corporate database breaches, according to Kaspersky’s latest Security Bulletin.
The report highlights an evolving cyber threat landscape, with increased interest in malware targeting cryptocurrency wallets and intensified activity around data leaks and breaches.
Discussions about crypto-drainers, a type of malware designed to empty cryptocurrency wallets, rose by 135% between 2022 and 2024.
Initially emerging three years ago, these drainers exploit victims through methods such as fake airdrops, phishing sites, malicious browser extensions, and fraudulent NFT marketplaces.
Dark web forums have become hubs for buying, selling, and distributing this malware, often accompanied by discussions on tactics and recruitment of accomplices.
Data breaches also saw a marked rise in interest. Between August and November 2024, advertisements for corporate databases on a prominent dark web forum increased by 40% compared to the same period in 2023.
While some postings featured older leaks repackaged as new, others targeted major corporations, signaling a sustained focus on exploiting sensitive data.
Kaspersky researchers noted that not all advertisements represent genuine breaches; some are crafted to generate buzz or tarnish corporate reputations.
These tactics underscore the need for businesses to monitor mentions of their assets on dark web platforms and respond promptly to mitigate reputational and operational risks.
Other trends observed include a shift among cybercriminals from Telegram back to dark web forums, prompted by increased enforcement and bans on Telegram channels.
Additionally, ransomware groups are fragmenting into smaller, more elusive units, complicating tracking and enforcement efforts. The rise of Malware-as-a-Service is also contributing to the proliferation of malware, including stealers and drainers.
The Middle East remains a focal point for cyber threats, with hacktivism and ransomware incidents escalating due to geopolitical tensions. If these trends persist, the region is expected to see further increases in cyberattacks in 2025.
Kaspersky advises individuals and businesses to adopt robust security measures and actively monitor dark web activities to detect and counter potential threats.