The Dark Market Parallel: A Rising Threat to Consumers and Businesses

By Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender

The sophistication of dark markets continues to be a growing threat in Southeast Asia. Whilst they have long been a space for illegal activity, in recent years, their role has evolved significantly, most notably bridging the gap between traditional illegal activities and cybercrime. Not only are dark markets allowing cybercriminals to buy and sell illegal goods, but they also now provide services that mirror reputable e-commerce sites. This provides an increasing challenge for consumers and businesses alike and highlights a need to be more vigilant in protecting personal and customer data.

Regional Cybercrime Trends

While cybercrime is a growing global issue, however across various regions in the world there are certain nuances.

For Singapore, the top two types of reported cybercrime in 2024 were e-commerce and phishing scams, where in both cases, stolen and traded personal data of Singaporean citizens is being sold on dark markets, posing a significant threat to the privacy of these individuals.

The Singapore Police Force Mid-Year Scams and Cybercrime Brief 2024 reported that by the first half of 2024, SGD $8.6 million was lost due to e-commerce scams and SGD $13.3 million lost to successful phishing attempts. On the e-commerce side, cybercriminals are using optimisation tools to ensure their fake websites appear at the top of search engines and imitate well-known consumer brands to lure consumers into sharing their card details. Meanwhile for phishing scams, individuals are tricked into revealing their personal data and sensitive information through emails, texts, or calls by the cybercriminals impersonating financial institutions or businesses.

Once stolen, dark web vendors sell credit card details for as little as US$10 whilst other cybercrime groups are selling credit cards with a verified balance for about 3% of the total amount of money available. This crime has become so widespread globally that in the first half of 2024 alone, over 269 million card records worldwide were posted on dark market platforms.

The Adyen Index: Retail Report 2024 highlighted that Singapore businesses have a high volume of online transactions, with 66% operating in online marketplaces, particularly industries such as consumer electronics (77%) and luxury fashion (70%). With a population embracing online shopping, the country also sees a large amount of ‘card testing’, whereby cybercriminals often test small transactions before making a larger one. This becomes especially hard to detect during holiday seasons where users are more likely to make frequent online purchases and therefore less likely to distinguish fraudulent transactions from legitimate ones. The Adyen Index: Retail Report 2024 also shared that Singapore saw 52% of businesses reporting a rise in fraudulent payment attempts, which increased to 60% during a peak shopping season last year.

For consumers and businesses, the increase in personal information and credit card details being stolen and sold on dark markets is profound and extremely impactful. When it comes to consumers, there is a looming risk of identity theft, account takeovers, and illicit transactions. For businesses, the rise in fraudulent payment attempts results in increased chargebacks and financial losses.

Dark Markets Replicating Legitimate E-Commerce Websites

As cybercrime has advanced, dark markets continue to become more sophisticated, morphing from their original form where they resembled the “Silk Road” model; small, centralised platforms focused on anonymity. Today, we see a decentralised, more visible model, relying on invite-only access or encrypted messaging platforms such as Telegram, because of pressure from law enforcement or researchers infiltrating them.

Nowadays, dark markets are mirroring legitimate online stores, by offering vendor ratings, customer reviews, and escrow services to ensure transactions are completely securely. In another likeness to regular e-commerce sites, cybercriminals run promotions, offer discounts, and reward loyal customers to incentivise repeat business, and the use of cryptocurrencies allows criminals and those using the sites to preserve their anonymity. In short, the dark web is an enabler for cybercrime, just as the internet is for legitimate businesses.

With consumers and businesses already impacted by the rise in the theft and sale of personal and payments details, this growing sophistication of dark markets presents a real threat for both categories.

Combating the Rising Threats

The continued takedown of dark markets is only possible if law enforcement agencies continue to work together with cybersecurity firms to disrupt these hidden networks. New markets will inevitably continue to arise, so targeting the cybercrime infrastructure is vital and that highlights the need for stronger regulation and cooperation from the financial sector.

For increasing digital protection, users should consider using multi-factor authentication (MFA), frequently monitoring their financial activity and one-time payment methods. Strong and unique passwords are critical and URLS, suspicious links or unsolicited emails, specifically requesting sensitive information, should be verified.

Businesses must take a proactive approach to securing customer data, starting with encryption of sensitive information in transit and at rest. AI-based fraud detection systems can analyse transaction patterns and flag suspicious activity before it results in financial loss. Tokenisation of payments further reduces the risk by replacing actual card details with unique tokens that are useless to cybercriminals.

To address the growing cybersecurity challenges, companies should integrate in their strategies multi-layered security measures including managed detection and response (MDR), extended detection and response (XDR), cloud security solutions and technologies that dynamically adjust security policies based on user behaviour and evolving threats to reduce the attack surface and mitigate risks before they escalate. Employee training on phishing tactics, social engineering, and secure handling of customer data is equally important, as human error remains one of the primary causes of data breaches.

Despite crackdowns, new markets emerge, requiring stronger regulations, financial sector cooperation, and targeting of cybercrime infrastructure. So, while regulators, the cybersecurity industry, and law enforcement agencies work together at the top, consumers and businesses must remain vigilant and proactively adopt robust cybersecurity measures.