Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Protecting your organization from dark web threats

by Sevan Sarkhoshian , Senior Technical Security Advisor
Published

It's not just AI changing the game

As a Senior Threat Analyst at Resilience, I’ve observed firsthand how the dark web’s evolving landscape poses growing risks to organizations’ data and reputation. Threat actors are increasingly utilizing advanced tools and AI to scale operations and increase attack efficiency, creating unprecedented challenges for business security. 

But what does that mean for you? Here are my insights into how business leaders can stay ahead of these emerging threats to maintain their security and trust.

Recent concerning dark web trends

One of the most alarming developments I’m tracking is the surge of “infostealers,” a kind of sophisticated malware often delivered through phishing campaigns or malicious downloads, that covertly extracts sensitive information from infected systems. Infostealers harvest everything from login credentials to financial data and personal information, and can be purchased under a subscription model, as in the LummaC2 infostealer which costs from $250 to $1000 monthly

What happens next is equally concerning: cybercriminals sell this data on underground markets, fueling a range of crimes from banking fraud to business email compromise (BEC). 

But it doesn’t stop there. Compromised employee credentials can become gateways into corporate environments, allowing attackers to steal intellectual property, access customer records, and launch devastating ransomware attacks or espionage campaigns. This two-pronged approach makes infostealers particularly dangerous: they’re not just stealing data, they’re creating multiple revenue streams for criminals.

What’s especially concerning to me is how threat actors are adapting their methods to stay ahead of law enforcement. They’re increasingly turning to platforms like Tor and Telegram private chat groups, making our job of tracking and countering their activities more challenging by the day.

I’m also particularly troubled by how they’re misusing AI language models like ChatGPT and Claude. These tools are being repurposed to automate phishing attacks, generate convincing fake content, and develop and refine malicious code. The result? More sophisticated, targeted attacks that are increasingly scalable, and thus, harder to detect and prevent.

Despite black market shutdowns by law enforcement, threat actors respawn new ones, and the dark web’s booming trade in stolen data remains a concern for any security professional given the long tail effects of a data break to you or one of your vendors or partners. While massive amounts of stolen information are available for purchase, verifying authenticity is difficult. This creates a significant problem for businesses trying to assess their actual exposure and risk levels.

How to protect your organization

From my experience, effective dark web monitoring is primordial, but it’s not as simple as it sounds. The landscape is fragmented and complex. You need more than just access; you need continuous data collection and monitoring across multiple networks to identify relevant threats, and oftentimes, threat actor engagement through the human element. The sheer volume of data that needs to be analyzed for organization mentions or leaked credentials requires sophisticated tools and expertise that many internal teams struggle to manage.

That’s why I often recommend organizations consider outsourcing their dark web monitoring to special vendors. These providers bring dedicated expertise, advanced tools, and constant surveillance capabilities. This approach not only ensures more effective threat detection, but also prevents the resource drain that often comes with managing this internally.

Essential security practices

Luckily, there are some key security measures that have proven essential with organizations across industries. These practices aren’t just theoretical, but are battle-tested strategies that make a real difference in protecting against dark web threats. Here’s what you need to know:

1. Be prepared: Staying ahead of dark web threats requires a comprehensive security approach. One thing I always emphasize: hackers often target indiscriminately. I’ve seen supposedly “secure” unconcerned organizations fall victim because they weren’t prepared. With malicious communities expanding rapidly and AI lowering barriers for less sophisticated actors, vigilance is more important than ever. I highly advocate for regular testing, simulation exercises, and strongly adhering to the concept of “least privilege”, where access is given at the minimal necessary level and only when needed.

2. Be proactive, not reactive: One of the biggest mistakes I see organizations make is waiting until their data appears on the dark web before taking action. By then, it’s too late. This is where cyber insurance becomes crucial, not just for recovery after an incident, but as an incentive for proactive risk management. At Resilience, we’ve developed solutions that go beyond traditional insurance coverage, combining financial protection with advanced tools and expertise to address today’s complex threats.

Managing dark web exposure in 2025 is undoubtedly challenging, but I’ve seen how organizations can effectively protect themselves by combining the right tools, expertise, and proactive mindset. The key is not waiting until it’s too late—the time to act is now.

About the Author
Sevan Sarkhoshian , Senior Technical Security Advisor

Sevan Sarkhoshian is a Senior Technical Security Advisor at Resilience with over 8 years of experience designing, implementing, and managing comprehensive cybersecurity and IT solutions across multifaceted environments. He excels at building robust cybersecurity programs that align with business goals, mitigate risks, and ensure regulatory compliance. Previously, Sevan spent 6 years in various roles, including Senior Security Engineer, Security and Systems Engineer, and IT Support Specialist. He holds a Bachelor’s degree in Finance from California State University, Northridge, and CISSP, CISM, CySA+, Security+, eJPT certifications.

You might also like

The vendors you’re probably missing

While the seven data streams from our previous post will capture the majority of your vendor relationships, they’re primarily designed to find digital services and traditional procurement relationships. Today, we’re exploring the vendor categories that fall through the cracks of most discovery programs, as well as why they often represent some of your highest-risk relationships. […]

How to prepare your organization for a post-quantum world

Quantum computing is on the horizon, and with it comes a seismic shift in how organizations must think about cybersecurity risk. The ability of future quantum machines to break today’s cryptographic protections, what we call quantum decryption, could undermine the trust, confidentiality, and resilience of digital business. This briefing series distills a highly technical topic […]

When will quantum decryption become practical?

As part of Cybersecurity Awareness Month, we’re publishing this three-part series that distills a highly technical topic into strategic insights for leaders. Part 1 explained why quantum decryption poses a threat to current encryption systems. Part 2 lays out credible timelines for when the disruption may arrive. Part 3 will offer practical guidance on how […]

What business leaders need to know about post-quantum cyber risk

Quantum computing is on the horizon and with it comes a seismic shift in how organizations must think about cybersecurity risk. The ability of future quantum machines to break today’s cryptographic protections–what we call quantum decryption–could undermine the trust, confidentiality, and resilience of digital business.                                                                                          As part of Cybersecurity Awareness Month, throughout October we are […]

The false promise of paying criminals to delete your data

On October 6, 2025, hackers demanded ransom from Salesforce for nearly one billion stolen customer records. The company’s response was unequivocal: no payment, no negotiation. While the refusal made headlines, the more important question is why Salesforce—and increasingly, other mature organizations—are walking away from the table when criminals offer to “suppress” stolen data. The answer […]

A CISO’s guide to winning the annual budgeting battle

It’s that time of year again. Finance has sent the email with the budget template attached. Your CFO wants preliminary numbers by next week. And you’re staring at a spreadsheet wondering how to justify the security investments your organization desperately needs when last quarter’s board meeting included the phrase “do more with less.” Welcome to […]