What can the dark web teach businesses about cybersecurity?

Dark web marketplaces are the center of activity for cybercriminals looking to trade hacking tools and services, stolen credentials and personal information. Hackers operating as ‘vendors’ on these sites profit from selling anything from malicious software and phishing kits to compromised passwords and credit card details.  

Unchecked trade as well as technological advancements, such as artificial intelligence (AI), are driving wider use of ransomware and malware-as-a-service (MaaS), democratizing these cyber attack methods for even the most unsophisticated cybercriminal to use. Because of this, the need for organizations to strengthen cybersecurity and protect digital identities has never been greater. Organizations must pay close attention to the tools and tactics cybercriminals trade on the dark web to address vulnerabilities putting them at risk of a cyber attack.  

Understanding what is most valuable for bad actors is also important. Last year, half of UK businesses experienced a cyber attack or data breach. Of them, the most common attack type was phishing (84%), with viruses or other malware accounting for only 17% of attacks.

The primary purpose of phishing is to steal credentials or sensitive information, and if businesses gain a better understanding of what cybercriminals are after, they can learn how cyber defenses should be focused. With the threat of cyber attacks unavoidable, now is the time to refer to the hacker’s playbook to beat them at their own game. 

The impact of entrepreneurial hackers 

In recent years, we have seen the serious damage MaaS attacks can cause. For example, the Snowflake data theft and extortion used infostealer malware as well as purchased credentials in the attack, leaving up to 165 businesses compromised.

The data stolen from such attacks is a valuable commodity on dark web marketplaces, with more highly developed hackers making sensitive information available to anyone using dark web marketplaces. Last year’s attack on NHS provider, Synnovis, is another example of this kind of work as the ransomware gang that carried out the attack (Qilin) published 400GB of private healthcare data online. 

These instances reveal how hackers are becoming more sophisticated in the attacks they carry out but also entrepreneurial in the tools they make available on the dark web. Evolving technologies like AI are also accelerating the democratization of cyber attacks, giving novice and less experienced cybercriminals the opportunities they need to carry out a serious breach.

The ease in which threat actors can gain access to readily available MaaS, including adware, keyloggers, spyware, worms and Trojan horses highlights the need for businesses to reevaluate cyber defenses to combat the ever-growing volume and complexity of attacks.  

How can businesses get ahead? 

As attacks and the technology behind them evolve, so too must cyber defenses.  Businesses must act now to get one step ahead of defending customer and employee digital identities, sensitive data and personal and financial information. To do this successfully, they must stay informed of the strategies hackers are exploiting and understand exactly what data is most valuable for cybercriminals.

AI has supercharged cyber attacks beyond organizations’ abilities to keep up with them using existing tools and techniques. The World Economic Forum’s Global Cybersecurity Outlook report for 2025 found a 223% increase in deepfake-related tools being traded on the dark web alone. 

Proactive defense measures, such as behavioral analytics and AI-driven threat detection, should be widely implemented to prevent AI-driven cyber attacks from succeeding. Organizations must start using the very technologies cybercriminals use to successfully prevent attacks. 

Importantly, with personally identifiable information (PII), financial information and passwords or login credentials topping the list of the most valuable data cybercriminals sell on the dark web, focusing cybersecurity efforts on protecting this information is critical.

Password-related security is one factor where its importance is often overlooked. Alternative authentication methods, such as multi-factor authentication (MFA), token authentication and biometric identification can easily be implemented to defend against attacks carried out by sophisticated hackers and less skillful cybercriminals using MaaS alike. Decentralizing identity is also an under-utilized defense strategy which can make it more difficult for cybercriminals. 

Use the dark web to your advantage

Businesses must rethink their approach to cyber defenses if they are to get ahead. By staying informed of hacking tools and techniques on dark web marketplaces and focusing resources into defenses protecting the most valuable aspects of data, organizations can better secure digital identities.

Protecting significant vulnerabilities, such as passwords, which are knowingly exploited, is of ever-growing importance as hackers continue to go to great lengths to steal what is most valuable on dark web marketplaces – data.

We’ve featured the best privacy tool and anonymous browser.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro