Dark web monitoring has become widely popular in the industry, with dozens of vendors, large and small, offering to extract intelligence from cybercriminal circles. In such a crowded market (Dark Web monitoring specifically and cyber security in general), vendors need to stand out from the pack. To do so, any cyber security company must have an arsenal of marketing materials and tools. One such effective tool is the threat research report, which includes interesting industry insights based on the company’s expertise. This report is especially relevant for these Dark Web monitoring vendors, who have a direct view to the dealings and innovation that happen in the underground economy. After all, the Dark Web is inherently very interesting, so writing reports on what goes on there is a no brainer.
One of the most popular type of reports in this space is one that details the amount and prices of compromised credentials that are traded in the Dark Web. It’s no surprise that these reports are popular as they are easy to understand by everyone, therefore making them appealing to both professionals and mainstream media. As they are written for broad appeal and the media’s attention, in many cases these reports are summarized into one or two sentences – “there are X number of credentials sold in the Dark Web right now”, or “you can get a stolen credit card for X dollars”. These reports do often include a “shopping list” of Dark Web prices for various types of credentials and many do delve deeper into the details of these findings, often speculating as to why certain things cost as much as they do. However, the reality of the Dark Web is usually much more complex, to the point that quoting credentials volume and price is usually meaningless. Some reports do a better job than others touching on these complexities, but the fact remains that normally only the numbers in the reports – the volumes and prices – are the focus and what only gets quoted, with the full intent of those who wrote the report. But as noted, these numbers are usually meaningless. Here is why, and why you should always take them with a pinch of salt.
Read more at CyberSecurity Magazine