Dark Web Threats Against The Banking Sector

Initial Access Brokers, Insider Threats, and Supply Chain Attacks

Our report, Dark Web Threats Against The Banking Sector, uses our proprietary intelligence to demonstrate how banks are targeted by cyber criminals on the dark web and explains how banks can use this information to improve their cyber defense.

The purpose of this report is to further the understanding within the banking sector of exactly what kind of threats they face on the dark web, and provide guidance on exactly how this dark web intelligence can be used by a defending team to protect the organization from cyberattacks.

The major finding of our investigation was that organizations in the banking sector are being targeted by Initial Access Brokers on the dark web – criminals who sell entry points into the network onto other threat actors to exploit. We found evidence of malicious insiders – i.e. employees – sharing information on their organization or being recruited by cybercriminals. We also observed threat actors undertaking infrastructure reconnaissance and targeting financial services supply chains.


  • How cybercriminals use dark web sites such as XSS, Exploit, and BreachForum to target banks around the world.
  • What types of vulnerabilities Initial Access Brokers are commonly selling for banks on dark web forums.
  • How insider threats can be spotted by monitoring dark web forums and suspicious traffic to the network.
  • How cybercriminals undertake infrastructure reconnaissance to identify vulnerable supply chain targets.
  • How dark web intelligence can be used in security practices such as threat hunting, internal investigations, and gathering intelligence on specific cybercriminals.