Australia, Singapore log most adverts on Darknet in APAC — Kaspersky

According to Kaspersky’s Digital Footprint Intelligence (DFI) report for APAC, database leaks in the region account for 95% of the total amount of advertisements. Singapore’s and Australia’s data leak markets are by far the largest when the number of orders is weighted by GDP.

The report highlights results collected last year to help organizations and even countries keep an eye on possible external threats and stay informed about potential cybercriminal activities, including ones being discussed on the Darknet. Monitoring of external data sources in Kaspersky’s Digital Footprint Intelligence service, including Darknet resources, provides insights into cybercriminal activity through different stages of the attack lifecycle.

There are two major types of data found when analyzing an organization’s digital footprint: fraudulent activities and cyberattack footprints. While Kaspersky discovered numerous fraud signs, the focus of the report remains on attack detection.

Darknet activity related to attack impact (advertisements selling data leaks and compromised data) dominates the statistics because these ads are spread over time: criminals sell, resell and repack a lot of data leaks from the past.

Organizations from Australia, India, mainland China, and Pakistan attract the most interest from adversaries looking to start an attack. These countries were present in 84% of ads from the attack preparation category. Pakistan and Australia attract huge interest, as seen in the number of orders weighted by their GDP.

Data leaks

Given the size of its infrastructure, businesses, and industrialization, mainland China attracts relatively low interest from adversaries. This may indicate the presence of a language barrier in the cybercriminal scene in the APAC region, or complications with network-level access to organizations in the country.

The most promising findings are from the attack execution stage: artifacts stating that adversaries have capabilities or already have access to organizations’ networks or services, but there is no business impact yet. Among the Darknet advertisements indicating an executed attack, Australia, India, mainland China, and the Philippines cover 75% of those detected by Kaspersky.

Once a data leak occurs, the sale of, or free access to, the stolen information will follow. Indicators of compromise include data leaks as well as orders for insider activity and the sale of, or free access to, internal data, including but not limited to databases, confidential documents, PII, credit cards, VIP information, financial data, and many more.

Organizations from Australia, mainland China, India, and Singapore account for 84% of all data leak sell orders placed on the Darknet. Singapore’s and Australia’s data leak markets are by far the largest when the number of orders is weighted by GDP.

It should be noted that organizations from the Philippines, Pakistan, and Thailand were among those adversaries showed interest in attacking or that appeared as already compromised, but the amount of data leaks is on par with other countries from the middle of the group.

How to protect your company from these threats

Demand for corporate and personal data on the black market is high, and it doesn’t always involve targeted attacks. Attackers may gain access to the infrastructure of a random company to sell it to blackmailers or other advanced cybercriminals later.

An attack like this can affect a company of any size, big or small, because corporate system access is often priced moderately on underground forums, especially compared to the potential damage to a business.

Sellers on the dark web most often offer remote access via RDP. To protect corporate infrastructure from attacks through remote access and control services, make sure the connection via this protocol is secure by:

– providing access to services (for example, RDP) only through a VPN,
– using strong passwords and Network Level Authentication (NLA),
– using two-factor authentication for all services,
– monitoring for leaks of access data. Dark web monitoring is available on Kaspersky Threat Intelligence Portal.
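
A local check for two of the items above (whether NLA is required, and whether the host firewall admits RDP from any address), as an added PowerShell example that is not part of Kaspersky's report. It assumes a Windows host with the built-in NetSecurity module, an elevated session, and an English-language firewall rule group named "Remote Desktop".

```powershell
# Added example: audit this host's RDP exposure. Read-only; changes nothing.
# Assumption: the local registry values are authoritative. A Group Policy under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services can override them.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'
$findings = @()

# fDenyTSConnections = 0 means Remote Desktop is enabled on this host.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

if ($rdpEnabled) {
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    if ($nla -ne 1) {
        $findings += 'NLA is not required for RDP connections.'
    }

    # Enabled inbound Remote Desktop rules should be scoped to VPN addresses,
    # not left open to every remote address.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    foreach ($rule in $rules) {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($remote -contains 'Any') {
            $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from any address."
        } else {
            # Listed so the scope can be compared with the VPN address pool by hand.
            Write-Output "Rule '$($rule.DisplayName)' is limited to: $($remote -join ', ')"
        }
    }
}

if (-not $rdpEnabled) {
    Write-Output 'RDP is disabled on this host.'
} elseif ($findings.Count -eq 0) {
    Write-Output 'RDP is enabled: NLA is required and no inbound rule is open to any address.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The script covers only the host's own settings; a perimeter firewall or cloud security group that forwards TCP 3389 from the internet has to be reviewed separately.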