CryptocurrencyCyber SafetyPress ReleaseThreat Detection & Defense

2024 Dark Web Market Trends: Review and Projections

Last year, Kaspersky experts witnessed a significant uptick in stealers and extortion activities on the dark web market. Looking ahead, the company also anticipates new challenges, including a heightened presence of crypto-drainer services, increased promotion of fraudulent websites through search advertising, and a rise in malicious ‘loaders’.

In the latest Kaspersky Security Bulletin (KSB), experts from the Global Research and Analysis Team and Kaspersky Digital Footprint Intelligence have compiled a comprehensive review of the past year and provided insights into emerging trends in the shadowy dark web market – a central hub for illicit services within the cybercriminal community.

2023 Highlights:

  • Ransomware Blog Posts Saw A Surge
    Ransomware actors typically create blogs for blackmailing companies, revealing new successful hacks of businesses or as a place to post stolen data. In 2022, there were around 386 monthly blog posts on public platforms and the dark web. In 2023, the average surged to 476, peaking in November (634 posts).


The number of posts in ransomware blogs, 2023. Source: 
Kaspersky Digital Footprint Intelligence

  • Personal and Corporate Credentials Faced an Escalating Risk of Leakage
    The dark web market saw a rise in posts related to stealer malware, designed to pilfer sensitive information such as login credentials, financial details, and personal data. Cybercriminals sell this data to other malicious actors for identity theft, financial fraud, or other illicit activities.Notably, posts offering Redline stealer logs, a popular malware family, tripled from an average of 370 per month in 2022 to 1,200 in 2023. Overall, the volume of various malware log files, containing compromised user data and freely posted on the dark web, rose by almost 30% in 2023, compared to the previous year.As Kaspersky looks ahead to 2024, several trends are expected to shape the landscape of the dark web market:
  • Scammers Will Increasingly Turn to Search Engine Advertising to Promote Websites Embedded with Malware
    Previously reliant on phishing emails, cybercriminals now employ Google and Bing ads to ensure their landing pages – embedded with malware – receive top positions in search results. Black traffic dealers are likely to escalate their sales activities in the underground market, and Kaspersky expects a continued rise in these deceptive practices.
  • Growing Demand for Crypto-Drainer Services
    Crypto drainers, a category of malicious software engineered for the swift and automated withdrawal of funds from legitimate crypto wallets to malicious actors’ wallets, are gaining momentum among crypto scammers. Kaspersky forecasts a rise in demand for this kind of crypto-stealing malware, resulting in an increased prevalence of advertisements promoting its development and sale in the underground market. The sustained interest in cryptocurrencies, NFTs, and related digital assets is expected to fuel the proliferation of these drainers.

Apart from that, experts anticipate the following tendencies:

  • The number of services providing AV evasion for malware (crypt) will increase
  • “Loader” malware services will continue to evolve
  • Bitcoin mixers and cleaning services will continue to evolve and exhibit dynamic market changes

“Cybersecurity demands a proactive stance. Monitoring dark web market activities and trends is akin to peering into the enemy’s playbook, allowing early threat detection, understanding adversary tactics, and ensuring you’re several steps ahead in terms of cyber defences. It’s not just about protection; it’s about mastering the evolving threat landscape to fortify against tomorrow’s risks and ensure the resilience of corporate security,” says Sergey Lozhkin, Principal Security Researcher, Global Research and Analysis Team (GReAT) at Kaspersky.

The dark web market predictions and reviews are part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world. Follow this link to learn more.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *