Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Protecting your organization from dark web threats

by Sevan Sarkhoshian , Senior Technical Security Advisor
Published

It's not just AI changing the game

As a Senior Threat Analyst at Resilience, I’ve observed firsthand how the dark web’s evolving landscape poses growing risks to organizations’ data and reputation. Threat actors are increasingly utilizing advanced tools and AI to scale operations and increase attack efficiency, creating unprecedented challenges for business security. 

But what does that mean for you? Here are my insights into how business leaders can stay ahead of these emerging threats to maintain their security and trust.

Recent concerning dark web trends

One of the most alarming developments I’m tracking is the surge of “infostealers,” a kind of sophisticated malware often delivered through phishing campaigns or malicious downloads, that covertly extracts sensitive information from infected systems. Infostealers harvest everything from login credentials to financial data and personal information, and can be purchased under a subscription model, as in the LummaC2 infostealer which costs from $250 to $1000 monthly

What happens next is equally concerning: cybercriminals sell this data on underground markets, fueling a range of crimes from banking fraud to business email compromise (BEC). 

But it doesn’t stop there. Compromised employee credentials can become gateways into corporate environments, allowing attackers to steal intellectual property, access customer records, and launch devastating ransomware attacks or espionage campaigns. This two-pronged approach makes infostealers particularly dangerous: they’re not just stealing data, they’re creating multiple revenue streams for criminals.

What’s especially concerning to me is how threat actors are adapting their methods to stay ahead of law enforcement. They’re increasingly turning to platforms like Tor and Telegram private chat groups, making our job of tracking and countering their activities more challenging by the day.

I’m also particularly troubled by how they’re misusing AI language models like ChatGPT and Claude. These tools are being repurposed to automate phishing attacks, generate convincing fake content, and develop and refine malicious code. The result? More sophisticated, targeted attacks that are increasingly scalable, and thus, harder to detect and prevent.

Despite black market shutdowns by law enforcement, threat actors respawn new ones, and the dark web’s booming trade in stolen data remains a concern for any security professional given the long tail effects of a data break to you or one of your vendors or partners. While massive amounts of stolen information are available for purchase, verifying authenticity is difficult. This creates a significant problem for businesses trying to assess their actual exposure and risk levels.

How to protect your organization

From my experience, effective dark web monitoring is primordial, but it’s not as simple as it sounds. The landscape is fragmented and complex. You need more than just access; you need continuous data collection and monitoring across multiple networks to identify relevant threats, and oftentimes, threat actor engagement through the human element. The sheer volume of data that needs to be analyzed for organization mentions or leaked credentials requires sophisticated tools and expertise that many internal teams struggle to manage.

That’s why I often recommend organizations consider outsourcing their dark web monitoring to special vendors. These providers bring dedicated expertise, advanced tools, and constant surveillance capabilities. This approach not only ensures more effective threat detection, but also prevents the resource drain that often comes with managing this internally.

Essential security practices

Luckily, there are some key security measures that have proven essential with organizations across industries. These practices aren’t just theoretical, but are battle-tested strategies that make a real difference in protecting against dark web threats. Here’s what you need to know:

1. Be prepared: Staying ahead of dark web threats requires a comprehensive security approach. One thing I always emphasize: hackers often target indiscriminately. I’ve seen supposedly “secure” unconcerned organizations fall victim because they weren’t prepared. With malicious communities expanding rapidly and AI lowering barriers for less sophisticated actors, vigilance is more important than ever. I highly advocate for regular testing, simulation exercises, and strongly adhering to the concept of “least privilege”, where access is given at the minimal necessary level and only when needed.

2. Be proactive, not reactive: One of the biggest mistakes I see organizations make is waiting until their data appears on the dark web before taking action. By then, it’s too late. This is where cyber insurance becomes crucial, not just for recovery after an incident, but as an incentive for proactive risk management. At Resilience, we’ve developed solutions that go beyond traditional insurance coverage, combining financial protection with advanced tools and expertise to address today’s complex threats.

Managing dark web exposure in 2025 is undoubtedly challenging, but I’ve seen how organizations can effectively protect themselves by combining the right tools, expertise, and proactive mindset. The key is not waiting until it’s too late—the time to act is now.

You might also like

Your cyber insurance policy could be a target

Organizations invest heavily in cyber insurance policies to shield their businesses from evolving threats, but many overlook a critical vulnerability: the security of the insurance policy documents themselves. While these policies are designed to protect you from cyber threats, they can become powerful weapons when they fall into the wrong hands. Over the past year, […]

A complete guide to domain spoofing

Domain spoofing is a cyberattack technique most commonly used in phishing and fraud, where criminals impersonate a legitimate organization’s domain name to deceive users. Think of it as digital identity theft at scale: Attackers make fraudulent emails or websites appear as if they originate from your trusted company domain, tricking victims into revealing sensitive data, […]

The 3 types of CISOs: How to succeed in any version – and what to do when you’re misaligned

As the CISO, are you and your organization in alignment? The CISO role has evolved dramatically over the past decade, but organizational cybersecurity programs have not always kept pace.  If you think about CISOs like software versions, version 1.0 is your first generation of CISOs, focused on structure and technical architecture. Version 2.0 moves beyond […]

The Security Squeeze

One of the most important features of the Resilience SaaS platform is our Quantified Cyber Action Plan. It supports CISOs making decisions under risk and uncertainty by providing a prioritization for which cyber controls should be implemented, based on their ROI. The power of this approach lies in the fact that it guides the most […]

How Scattered Spider’s vertical-focused strategy creates industry-wide security emergencies

This post is based on a threat intelligence report by Resilience Director of Threat Intelligence Andrew Bayers. Scattered Spider has emerged as a sophisticated threat actor whose advanced social engineering tactics blur the lines between common cybercrime and nation-state tradecraft. Their tendency to tackle specific verticals at a time – as they did in the […]

The essential guide to cyber incident response leadership and decision making

When 43% of UK businesses report experiencing a cyber breach or attack in just the past year, the question isn’t whether your organization will face a cyber incident—it’s how well you’ll respond when it happens.  This stark reality was at the center of a recent webinar hosted by Resilience, featuring insights from Scott Tenenbaum, Head […]