Resources

This report examines cybercriminal activity that took place in the deep and dark web during 2021.

This report analyzes the incidents of financial fraud on the underground throughout the final six months of 2021.

This report analyzes the digital footprints left by threat actors on underground forums, uncovering the myriad factors that influence dark web activity.

This report analyzes the incidents of financial fraud on the underground throughout the first six months of 2021.

This report analyzes ToxicEye, a Remote Access Trojan (RAT) leveraging the Telegram messaging platform as a command-and-control infrastructure through which to target compromised devices for ransomware attacks.

Learn about the underground’s reaction to CVE announcements, the popularity of CVE scanning tools and the correlation between CVSS scoring and underground chatter.

Just how many Netflix & Disney+ accounts were distributed on the deep and dark web in 2020 through Q1 2021? Find out the trends in terms of numbers and top account-types.

This report uncovers the emerging trend of hardware spoofing tools (HWID) on the underground, aiding gamers evade anti-cheating software and guarantee a competitive edge in an industry with vast potential for monetary gain.

By accessing SMS messages, attackers can reset account passwords, bypass security and gain access to sensitive information. This report shines a light on the full menu of exploits and how to protect yourself from SMS hackers.

This threat report analyzes one of the most widely shared cracking tools on the deep and dark web: OpenBullet.

The 2021 SANS Cyber Threat Intelligence (CTI) Survey, sponsored by Cybersixgill, shows the impact of COVID-19 on cyber threat intel.

This report examines dark web activity that took place in the deep and dark web during 2020.

This report examines financial fraud activity that took place in the deep and dark web during the last six months of 2020 (H2 – 2020). During this period, 45,033,323 compromised cards were offered for sale in credit card markets monitored by Cybersixgill.

This threat report analyzes dark web discourse around the energy sector to understand the impact of dark web threats on cyberattacks targeting the industry.

This threat report analyzes five popular underground forums, from inception to the end of 2020, to help understand a dark web forum’s lifecycle and internal dynamics.

As eCommerce sees growth during the COVID-19 pandemic, the fraud phenomenon of refunding has similarly boomed. This report examines underground discourse of “refunding” trends, tactics and procedures (TTPs).

A new report from ESG explains why today’s threat intelligence teams struggle to keep up with the threats they face and how can Cybersixgill can help.

As the world races towards a coronavirus vaccine, the healthcare industry has remained a focal point for cybercriminals. This report investigates why the industry is frequently targeted, and why it remains vulnerable.

With the imminent US presidential elections gripping both American and global discourse, this report explores how Decision 2020 is playing out on the deep and dark
web.

This report highlights some of the most popular education topics among threat actors in the underground and recommendations that can help prevent cyberattacks.

This report examines the economic and the personal motivations that drive abuse of social media platforms on the dark web.

Though mentions of payment platforms were already on the rise, they spiked tremendously during lockdowns. This report focuses on trends and shows examples of how payment apps provide critical infrastructure in dark web financial crime.

We took a sample of 15,000 of Darkfeed’s IOCs and compared that sample with IOCs from more than 40 leading antivirus providers to see what portion of our IOCs were also identified by their systems.

Citing data and specific examples of underground conversations, our latest threat report illustrates why the risk of gaming-related fraud is so serious.

This report examines financial fraud activity that took place in the deep and dark web during the last six months of 2020 (H1 – 2020), with 45,130,117 compromised cards offered for sale in credit card markets monitored by Cybersixgill.

Download this report to learn how the danger posed by compromised RDP servers has changed recently in light of the coronavirus outbreak, as well as practical steps you can take to stay safe.

As employees working from home implement a variety of connected devices, the potential attack surface becomes larger, with more endpoints attempting to reach company networks.

To learn how Cybersixgill’s investigative portal leverages the dark web to give you the insights you need to protect your business’ critical assets, download this whitepaper by information security expert David Strom.

The forums of the gaming hacks and Twitch exploits analyzed in this report contain hundreds of thousands of posts referencing carding/fraud techniques and credit card data for sale.

Narrowing in on the dark web drug economy reveals a microcosm of how illicit economies adapt to such crises, showcasing the unique rule of the internet in providing flexibility and resilience to illicit activities.

Multiple news sources have noted that the stimulus checks and the forgivable loans made under the Paycheck Protection Program (PPP) from the U.S. government were attractive targets for a myriad of fraud schemes.

With millions of people now working from home, the use of video conferencing apps such as Zoom has skyrocketed, creating an opening for hackers to take advantage of the many new users unfamiliar with the technology.

While the majority of discourse surrounding COVID-19 is informational, there is a troubling rise in malicious intent, as threat actors seek to monetize this crisis through a variety of illegal methods.

We noted interesting patterns of discourse in secure messaging apps, such as Telegram, QQ, and Discord, as well as a spike in discourse on deep and dark web forums surrounding COVID-19.

During the last six months of 2019 (H2-2019), 76,230,127 compromised cards were offered for sale by threat actors in illegal credit card markets monitored by Cybersixgill, compared to 23,319,709 cards offered in H1-2019.

As the holiday shopping frenzy officially begins, many consumers will turn to e-commerce stores to make their purchases, giving threat actors an opportunity to capitalize on this increased spending for their own gain.

SIM swapping is a form of identity theft through social engineering, allowing the attacker to take control of any account that uses an SMS/call to authenticate login or rest passwords.

Sixgill has identified many autoclickers distributed on the underground, including some that employ sophisticated methods to mimic human actions and bypass antivirus software.

Credit card sniffers are relatively few lines of malicious code that are injected into payment pages of e-commerce sites and are very difficult to detect, causing e-commerce clients to unknowingly be victimized.

In the first six months of 2019, 23,319,701 compromised credit cards were offered for sale in the underground deep and dark web stolen credit card markets monitored by Cybersixgill.

CVEs (Common Vulnerabilities and Exposures) are lists of publicly available vulnerabilities and exposures related to software and hardware.

Cybercriminals dedicated to the practice of carding have proven their resiliency over the years, developing new techniques to successfully circumvent the continuously evolving anti-fraud measures deployed by financing and retail industries.

With more than 125 million players and revenues of over 300 million dollars every month, “Fortnite” has rocketed to the top of the online gaming industry, resulting in a thriving criminal eco-system around the game.