Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Protecting your organization from dark web threats

by Khalid Halloumi, Senior Intel Analyst

It's not just AI changing the game

As a Senior Threat Analyst at Resilience, I’ve observed firsthand how the dark web’s evolving landscape poses growing risks to organizations’ data and reputation. Threat actors are increasingly utilizing advanced tools and AI to scale operations and increase attack efficiency, creating unprecedented challenges for business security. 

But what does that mean for you? Here are my insights into how business leaders can stay ahead of these emerging threats to maintain their security and trust.

Recent concerning dark web trends

One of the most alarming developments I’m tracking is the surge of “infostealers,” a kind of sophisticated malware, often delivered through phishing campaigns or malicious downloads, that covertly extracts sensitive information from infected systems. Infostealers harvest everything from login credentials to financial data and personal information, and can be purchased under a subscription model, as with the LummaC2 infostealer, which costs from $250 to $1000 monthly.

What happens next is equally concerning: cybercriminals sell this data on underground markets, fueling a range of crimes from banking fraud to business email compromise (BEC). 

But it doesn’t stop there. Compromised employee credentials can become gateways into corporate environments, allowing attackers to steal intellectual property, access customer records, and launch devastating ransomware attacks or espionage campaigns. This two-pronged approach makes infostealers particularly dangerous: they’re not just stealing data, they’re creating multiple revenue streams for criminals.

What’s especially concerning to me is how threat actors are adapting their methods to stay ahead of law enforcement. They’re increasingly turning to platforms like Tor and Telegram private chat groups, making our job of tracking and countering their activities more challenging by the day.

I’m also particularly troubled by how they’re misusing AI language models like ChatGPT and Claude. These tools are being repurposed to automate phishing attacks, generate convincing fake content, and develop and refine malicious code. The result? More sophisticated, targeted attacks that are increasingly scalable, and thus, harder to detect and prevent.

Despite black market shutdowns by law enforcement, threat actors respawn new ones. The dark web’s booming trade in stolen data remains a concern for any security professional, given the long-tail effects of a data breach affecting you or one of your vendors or partners. While massive amounts of stolen information are available for purchase, verifying authenticity is difficult. This creates a significant problem for businesses trying to assess their actual exposure and risk levels.

How to protect your organization

From my experience, effective dark web monitoring is essential, but it’s not as simple as it sounds. The landscape is fragmented and complex. You need more than just access; you need continuous data collection and monitoring across multiple networks to identify relevant threats, and oftentimes, threat actor engagement through the human element. The sheer volume of data that needs to be analyzed for organization mentions or leaked credentials requires sophisticated tools and expertise that many internal teams struggle to manage.

That’s why I often recommend organizations consider outsourcing their dark web monitoring to specialized vendors. These providers bring dedicated expertise, advanced tools, and constant surveillance capabilities. This approach not only ensures more effective threat detection, but also prevents the resource drain that often comes with managing this internally.

Essential security practices

Luckily, there are some key security measures that have proven essential with organizations across industries. These practices aren’t just theoretical, but are battle-tested strategies that make a real difference in protecting against dark web threats. Here’s what you need to know:

1. Be prepared: Staying ahead of dark web threats requires a comprehensive security approach. One thing I always emphasize: hackers often target indiscriminately. I’ve seen supposedly “secure,” unconcerned organizations fall victim because they weren’t prepared. With malicious communities expanding rapidly and AI lowering barriers for less sophisticated actors, vigilance is more important than ever. I highly advocate for regular testing, simulation exercises, and strongly adhering to the concept of “least privilege,” where access is given at the minimal necessary level and only when needed.

2. Be proactive, not reactive: One of the biggest mistakes I see organizations make is waiting until their data appears on the dark web before taking action. By then, it’s too late. This is where cyber insurance becomes crucial, not just for recovery after an incident, but as an incentive for proactive risk management. At Resilience, we’ve developed solutions that go beyond traditional insurance coverage, combining financial protection with advanced tools and expertise to address today’s complex threats.

Managing dark web exposure in 2025 is undoubtedly challenging, but I’ve seen how organizations can effectively protect themselves by combining the right tools, expertise, and proactive mindset. The key is not waiting until it’s too late—the time to act is now.
