Searchlight Cyber Alerts The Banking Sector to Dark Web Threats

New threat intelligence report demonstrates how cybercriminals persistently target financial institutions

Washington DC, US & Portsmouth, UK – July 19, 2023

Searchlight Cyber, the dark web intelligence company, has released its new report, Dark Web Threats Against the Banking Sector, which outlines the tactics of cybercriminal reconnaissance against banking institutions. The report highlights the most prominent threats visible on the dark web – including Initial Access Broker posts on dark web forums, insider threats, and supply chain attacks – and explains how banks can use this intelligence to improve their cyber defense.

The research found that:

  • Initial Access Broker posts are the most commonly observed activity on the dark web.
    The report explains how threat actors sell vulnerabilities such as remote network access, web shells, remote code execution, and SQL injection on dark web forums for other cybercriminals – including ransomware operators – to exploit.
  • “Insider threats” pose a challenge for banks.
    Searchlight analysts observed cases of employees proactively advertising their ability to undermine the security of their organization, as well as cybercriminals trying to recruit employees at banks.
  • Reconnaissance against banks’ supply chains can be observed on the dark web.
    Criminals identify the banks that can be impacted in posts targeting their suppliers.

The research includes posts from cybercriminals on dark web sites such as XSS, Exploit, and BreachForums targeting banks around the world, with examples from the United States, UK, France, Spain, South America, and Asia.

The report also explains how this type of dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations, and gathering intelligence on the tactics of specific cybercriminals.

Commenting on the findings, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, said:

“While a lot of the cybercriminal activity described in this report sounds alarming, the point of this research is not to scare banks. In fact, it is to demonstrate the opportunity that the dark web provides to identify threats earlier. Banks are always going to be a target for threat actors, but monitoring the dark web allows them a chance to spot criminal activity in the “pre-attack” or planning stage and gives security teams valuable time to adjust their defenses.

“For example, we have observed threat actors that are known to be associated with ransomware groups interacting with some of the Initial Access Broker posts in this report. Knowledge is power, and identifying vulnerabilities being sold before the ransomware operator is able to successfully breach their organization would be a huge win for defenders. These are the proactive defense opportunities that dark web intelligence provides.”

About Searchlight Cyber

Searchlight Cyber provides organizations with relevant and actionable dark web intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks. To find out more visit or follow Searchlight Cyber on LinkedIn and Twitter.