The number of dark web marketplaces, also known as darknet markets, continues to grow year-on-year, despite law enforcement’s efforts to close the networks down. Cybercriminals use these illicit platforms to trade hacking tools, services, stolen data and other sensitive information obtained from cyber attacks. Tools such as malicious software, phishing kits and email extractors are being sold by sophisticated hackers through these darknet markets to inexperienced cybercriminals, democratising their use.
With advancements in these tools and technologies (such as AI) driving wider use of ransomware and malware-as-a-service (MaaS), the need for organisations to protect digital identities through robust cybersecurity has never been greater. To address and mitigate the vulnerabilities leaving them exposed to cyber attacks, organisations must familiarise themselves with the tools and tactics cybercriminals are using.
Last year, half of UK businesses experienced a cyber attack or some kind of breach, with the primary attack type being phishing (84%), and viruses or other malware accounting for only 17% of attacks. With phishing’s main purpose being to steal credentials or sensitive information, this knowledge gives organisations a better understanding of what cybercriminals are after and, by extension, where cybersecurity efforts should be prioritised. As organisations struggle to combat cyber attacks, now must be the time to refer to the hacker’s playbook and beat them at their own game.
Battling hacker sophistication
More sophisticated attacks and entrepreneurial approaches to the tools hackers make available to other cybercriminals are threatening to outpace organisations in the cyber race. As well as this, evolving technologies, like AI, are accelerating the democratisation of cyber attacks, giving less experienced threat actors the resources they need to carry out a serious breach.
Recent cases have shown us the extent of damage MaaS attacks can cause. The cybercriminals who carried out the Snowflake data theft and extortion used infostealer malware and purchased credentials to carry out the attack which left up to 165 businesses compromised. The data stolen from such attacks is a valuable commodity on darknet marketplaces, with darknet market ‘vendors’ making the sensitive information available to even the most novice cybercriminals. Last year’s attack on Synnovis, an NHS provider, is another example of this kind of work in the wild, resulting in the ransomware gang which carried out the attack (Qilin) publishing 400GB of private healthcare data online. These attacks reveal how hacking tools and sensitive information is being made available for all types of cybercriminals to utilise.
Readily available MaaS, including adware, keyloggers, spyware, worms, Trojan horses and more is concerning. Organisations are racing against time to combat the ever-growing volume and complexity of attacks fuelled by open trade on darknet markets.
How organisations can take advantage of the playbook
The World Economic Forum’s Global Cybersecurity Outlook report for 2025 found a 223% increase in deepfake-related tools being traded on the dark web, outpacing organisations’ abilities to keep up with AI-driven cyber attacks.
As attacks and the technology behind them evolve, so too must cyber defences. For organisations to defend digital identities from malicious intentions, they must stay informed of the technologies and strategies hackers are exploiting, as well as the most valuable targets for cybercriminals.
Understanding how hacking tools are being used and what data is most valuable for cybercriminals will become more critical as organisations develop strategies to tackle threats. With bad actors continuously adopting new technologies and changing their attack styles, proactive defence measures, such as behavioural analytics and AI-driven threat detection, should be widely implemented to outsmart cybercriminals before an attack is successfully completed.
Importantly, personally identifiable information (PII), financial information and passwords or login credentials top the list of the most valuable data cybercriminals sell on the dark web. Alongside proactive defence measures, focusing cybersecurity efforts on these vulnerabilities is critical, and as this information is often stolen through phishing attacks, email and password security should be a primary focus.
The importance of password-related security is often overlooked. Alternative authentication methods, such as multi-factor authentication (MFA), token authentication and biometric identification can easily be implemented to defend against attacks carried out by sophisticated hackers and less skillful cybercriminals alike. Decentralising identity is also often under-utilised as a defence strategy, despite its proven benefit of making it more difficult for cybercriminals to carry out an attack.
Darknet markets will remain
Protecting significant vulnerabilities, such as passwords, which are knowingly exploited to steal PII, financial details and credential information, is of ever-growing importance as hackers continue to go to great lengths to steal one of the dark web’s most valuable commodities – data.
As technologies and cybercriminals rapidly evolve, organisations must rethink their approach to cyber defence. By keeping well informed of hacking tools and techniques and focusing resources into defences protecting the most valuable aspects of data, businesses can better position themselves to secure digital identities.
Ad
