Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Protecting your organization from dark web threats

by Sevan Sarkhoshian , Senior Technical Security Advisor
Published

It's not just AI changing the game

As a Senior Threat Analyst at Resilience, I’ve observed firsthand how the dark web’s evolving landscape poses growing risks to organizations’ data and reputation. Threat actors are increasingly utilizing advanced tools and AI to scale operations and increase attack efficiency, creating unprecedented challenges for business security. 

But what does that mean for you? Here are my insights into how business leaders can stay ahead of these emerging threats to maintain their security and trust.

Recent concerning dark web trends

One of the most alarming developments I’m tracking is the surge of “infostealers,” a kind of sophisticated malware often delivered through phishing campaigns or malicious downloads, that covertly extracts sensitive information from infected systems. Infostealers harvest everything from login credentials to financial data and personal information, and can be purchased under a subscription model, as in the LummaC2 infostealer which costs from $250 to $1000 monthly

What happens next is equally concerning: cybercriminals sell this data on underground markets, fueling a range of crimes from banking fraud to business email compromise (BEC). 

But it doesn’t stop there. Compromised employee credentials can become gateways into corporate environments, allowing attackers to steal intellectual property, access customer records, and launch devastating ransomware attacks or espionage campaigns. This two-pronged approach makes infostealers particularly dangerous: they’re not just stealing data, they’re creating multiple revenue streams for criminals.

What’s especially concerning to me is how threat actors are adapting their methods to stay ahead of law enforcement. They’re increasingly turning to platforms like Tor and Telegram private chat groups, making our job of tracking and countering their activities more challenging by the day.

I’m also particularly troubled by how they’re misusing AI language models like ChatGPT and Claude. These tools are being repurposed to automate phishing attacks, generate convincing fake content, and develop and refine malicious code. The result? More sophisticated, targeted attacks that are increasingly scalable, and thus, harder to detect and prevent.

Despite black market shutdowns by law enforcement, threat actors respawn new ones, and the dark web’s booming trade in stolen data remains a concern for any security professional given the long tail effects of a data break to you or one of your vendors or partners. While massive amounts of stolen information are available for purchase, verifying authenticity is difficult. This creates a significant problem for businesses trying to assess their actual exposure and risk levels.

How to protect your organization

From my experience, effective dark web monitoring is primordial, but it’s not as simple as it sounds. The landscape is fragmented and complex. You need more than just access; you need continuous data collection and monitoring across multiple networks to identify relevant threats, and oftentimes, threat actor engagement through the human element. The sheer volume of data that needs to be analyzed for organization mentions or leaked credentials requires sophisticated tools and expertise that many internal teams struggle to manage.

That’s why I often recommend organizations consider outsourcing their dark web monitoring to special vendors. These providers bring dedicated expertise, advanced tools, and constant surveillance capabilities. This approach not only ensures more effective threat detection, but also prevents the resource drain that often comes with managing this internally.

Essential security practices

Luckily, there are some key security measures that have proven essential with organizations across industries. These practices aren’t just theoretical, but are battle-tested strategies that make a real difference in protecting against dark web threats. Here’s what you need to know:

1. Be prepared: Staying ahead of dark web threats requires a comprehensive security approach. One thing I always emphasize: hackers often target indiscriminately. I’ve seen supposedly “secure” unconcerned organizations fall victim because they weren’t prepared. With malicious communities expanding rapidly and AI lowering barriers for less sophisticated actors, vigilance is more important than ever. I highly advocate for regular testing, simulation exercises, and strongly adhering to the concept of “least privilege”, where access is given at the minimal necessary level and only when needed.

2. Be proactive, not reactive: One of the biggest mistakes I see organizations make is waiting until their data appears on the dark web before taking action. By then, it’s too late. This is where cyber insurance becomes crucial, not just for recovery after an incident, but as an incentive for proactive risk management. At Resilience, we’ve developed solutions that go beyond traditional insurance coverage, combining financial protection with advanced tools and expertise to address today’s complex threats.

Managing dark web exposure in 2025 is undoubtedly challenging, but I’ve seen how organizations can effectively protect themselves by combining the right tools, expertise, and proactive mindset. The key is not waiting until it’s too late—the time to act is now.

About the Author
Sevan Sarkhoshian , Senior Technical Security Advisor

Sevan Sarkhoshian is a Senior Technical Security Advisor at Resilience with over 8 years of experience designing, implementing, and managing comprehensive cybersecurity and IT solutions across multifaceted environments. He excels at building robust cybersecurity programs that align with business goals, mitigate risks, and ensure regulatory compliance. Previously, Sevan spent 6 years in various roles, including Senior Security Engineer, Security and Systems Engineer, and IT Support Specialist. He holds a Bachelor’s degree in Finance from California State University, Northridge, and CISSP, CISM, CySA+, Security+, eJPT certifications.

You might also like

Scattered Spider strikes again in recent UK retail attacks

In the past two weeks, the UK retail industry has faced an unprecedented wave of sophisticated cyberattacks, exposing critical vulnerabilities across the sector. The high-profile breaches at Marks & Spencer, Harrods, and others have sent shockwaves through the industry, with M&S alone suffering an estimated £3.8 million in lost online sales per day and seeing […]

See what a cyber attack could really cost your enterprise

Data breaches cost U.S. businesses an average of $9.36 million per breach in 2024, yet many enterprises still struggle to quantify their specific cyber risk exposure in financial terms. How do you translate complex technical vulnerabilities into language that your CFO, board members, and other stakeholders can understand and act upon? We’re excited to announce […]

A decision scientist’s perspective on AI

As the Senior Director of Cyber Resilience at Resilience, I bring a somewhat unconventional perspective to the table. Unlike many in our industry who come from traditional cybersecurity or insurance backgrounds, my expertise lies in decision science. Throughout my career, I’ve been fascinated by one central question: How can we help people make good decisions […]

What enterprises over $10 billion need to know about managing cyber risk

The role of the Chief Information Security Officer has undergone a profound transformation from a purely technical role to a strategic business one in recent years. For CISOs operating in organizations with over $10 billion in revenue—a segment that Resilience has recently expanded its cyber risk solutions to serve—the shift comes with unique pressures and […]

How to create an effective Incident Response Plan

Cyberattacks are no longer a distant threat—they are a certainty. Whether it’s a ransomware attack, data breach, or insider threat, organizations must be prepared to respond quickly and effectively. Without a solid plan in place, even a minor security incident can spiral into a major crisis, leading to financial losses, reputational damage, and regulatory penalties. […]

Understanding the ClickFix attack

Imagine a cyberattack so simple yet so deceptive that all it takes is three keystrokes to compromise your system. This is the reality of the ClickFix attack, a threat that Resilience threat researchers have observed in the wild since 2024 and that seems to be ramping up in recent weeks. ClickFix cleverly manipulates users into […]