It's not just AI changing the game
As a Senior Threat Analyst at Resilience, I’ve observed firsthand how the dark web’s evolving landscape poses growing risks to organizations’ data and reputation. Threat actors are increasingly utilizing advanced tools and AI to scale operations and increase attack efficiency, creating unprecedented challenges for business security.
But what does that mean for you? Here are my insights into how business leaders can stay ahead of these emerging threats to maintain their security and trust.
Recent concerning dark web trends
One of the most alarming developments I’m tracking is the surge of “infostealers,” a kind of sophisticated malware, often delivered through phishing campaigns or malicious downloads, that covertly extracts sensitive information from infected systems. Infostealers harvest everything from login credentials to financial data and personal information, and can be purchased under a subscription model, as with the LummaC2 infostealer, which costs from $250 to $1000 monthly.
What happens next is equally concerning: cybercriminals sell this data on underground markets, fueling a range of crimes from banking fraud to business email compromise (BEC).
But it doesn’t stop there. Compromised employee credentials can become gateways into corporate environments, allowing attackers to steal intellectual property, access customer records, and launch devastating ransomware attacks or espionage campaigns. This two-pronged approach makes infostealers particularly dangerous: they’re not just stealing data, they’re creating multiple revenue streams for criminals.
What’s especially concerning to me is how threat actors are adapting their methods to stay ahead of law enforcement. They’re increasingly turning to platforms like Tor and Telegram private chat groups, making our job of tracking and countering their activities more challenging by the day.
I’m also particularly troubled by how they’re misusing AI language models like ChatGPT and Claude. These tools are being repurposed to automate phishing attacks, generate convincing fake content, and develop and refine malicious code. The result? More sophisticated, targeted attacks that are increasingly scalable and thus harder to detect and prevent.
Despite black market shutdowns by law enforcement, threat actors respawn new ones, and the dark web’s booming trade in stolen data remains a concern for any security professional given the long-tail effects of a data breach affecting you or one of your vendors or partners. While massive amounts of stolen information are available for purchase, verifying authenticity is difficult. This creates a significant problem for businesses trying to assess their actual exposure and risk levels.
How to protect your organization
From my experience, effective dark web monitoring is essential, but it’s not as simple as it sounds. The landscape is fragmented and complex. You need more than just access; you need continuous data collection and monitoring across multiple networks to identify relevant threats, and oftentimes, threat actor engagement through the human element. The sheer volume of data that needs to be analyzed for organization mentions or leaked credentials requires sophisticated tools and expertise that many internal teams struggle to manage.
That’s why I often recommend organizations consider outsourcing their dark web monitoring to specialized vendors. These providers bring dedicated expertise, advanced tools, and constant surveillance capabilities. This approach not only ensures more effective threat detection, but also prevents the resource drain that often comes with managing this internally.
Essential security practices
Luckily, there are some key security measures that have proven essential with organizations across industries. These practices aren’t just theoretical, but are battle-tested strategies that make a real difference in protecting against dark web threats. Here’s what you need to know:
1. Be prepared: Staying ahead of dark web threats requires a comprehensive security approach. One thing I always emphasize: hackers often target indiscriminately. I’ve seen supposedly “secure,” unconcerned organizations fall victim because they weren’t prepared. With malicious communities expanding rapidly and AI lowering barriers for less sophisticated actors, vigilance is more important than ever. I highly advocate for regular testing, simulation exercises, and strongly adhering to the concept of “least privilege,” where access is given at the minimal necessary level and only when needed.
2. Be proactive, not reactive: One of the biggest mistakes I see organizations make is waiting until their data appears on the dark web before taking action. By then, it’s too late. This is where cyber insurance becomes crucial, not just for recovery after an incident, but as an incentive for proactive risk management. At Resilience, we’ve developed solutions that go beyond traditional insurance coverage, combining financial protection with advanced tools and expertise to address today’s complex threats.
Managing dark web exposure in 2025 is undoubtedly challenging, but I’ve seen how organizations can effectively protect themselves by combining the right tools, expertise, and proactive mindset. The key is not waiting until it’s too late—the time to act is now.