April 12, 2023

Cybersixgill Releases Annual State of the Cybercrime Underground Report, Offering a Detailed Analysis of Malicious Dark Web Activity in 2022

Key Takeaways:

  • A new report from cyber threat intelligence (CTI) leader Cybersixgill analyzes intelligence collected by its threat research team in 2022 and reveals the trends and tactics on the cybercriminal underground.

  • Several factors have contributed to the continuous decline in credit card fraud over the past few years. However, the UK still sees an increase in illicit card activity year over year. 

  • The growing use of cryptocurrency is giving way to a rise in new forms of financial fraud.

  • Threat actors are flocking to encrypted messaging platforms like Telegram, Discord, and QQ to collaborate, communicate, and trade tools and services. These platforms have become an increasingly powerful hub for cybercrime.

  • Advancements in AI, Initial Access Brokers (IABs), and As-a-Service Offerings are lowering the barriers to entry into cybercrime, streamlining the weaponization and execution of ransomware attacks.


Tel Aviv, Israel – April 12, 2023 Cybersixgill, the global cyber threat intelligence data provider, announced today its newest report, State of the Cybercrime Underground, which analyzes the company’s collected intelligence from the clear, deep, and dark web in 2022. The report provides detailed insights into underground cybercriminal discourse and activity and compares it with trends and data from previous years, revealing the current state of threat actors’ tactics and targets.  


State of the Cybercrime Underground delves into several key topics, including:

  • Trends in credit card fraud

  • Cryptocurrency observations

  • AI developments and their impact on the barriers of entry to cybercrime

  • The evolution of initial access broker markets (IABs)

  • The rise of cybercriminal “as-a-service” activities  


“Each day, our threat research experts collect 10 million intelligence items from the cybercriminal underground, giving Cybersixgill a unique ability to track the pulse of the deep, dark web and monitor its changes over time,” said Delilah Schwartz, Security Strategist at Cybersixgill. “Cybercrime is rapidly evolving, with new opportunities and obstacles in the cyber threat landscape impacting threat actors’ tactics, tools, and procedures. In response, organizations can no longer rely on outdated technologies and manual processes to defend against increasingly sophisticated attacks. Proactive attack surface management informed by real-time CTI from the deep, dark, and clear web is now of paramount importance and will be a critical cyber defense weapon in the months and years to come.”


Key Findings

Credit Card Fraud on the Decline

Over the past few years, most of the world has experienced a near-collapse in credit card fraud. Yet the UK saw an increase in fraudulent card sales in 2022 and now has the highest number of compromised cards per capita globally. Still, financial fraud in other forms continues to run rampant as cybercriminals discover new opportunities for attack enabled by the growth in cryptocurrency.

Cryptocurrency a Cybercrime Tool and Target

Amidst the rising popularity of digital coins and tokens for legitimate purposes, cryptocurrency has also become a target of threat actors finding ways to conduct financial fraud through “crypto-jacking,” digital wallet takeovers, crypto-mining, and siphoning digital assets from crypto exchanges. 

Rising Use of Encrypted Messaging Platforms 

Growing numbers of cybercriminals use encrypted messaging platforms such as Telegram, Discord, and QQ to collaborate, communicate, and trade tools, stolen data, and services. More than an accessible medium for illicit communications, these messaging platforms offer automated functionalities that make them an ideal launchpad for cyber attacks.

A Lower Barrier to Entry into Cybercrime

Several factors combine to make cybercrime more accessible to less sophisticated cybercriminals. For example, the recently released AI technology ChatGPT enables threat actors to quickly write malicious code and perform other “pre-ransomware” preparatory activities. In addition, IABs are playing a significant role in the ransomware ecosystem and giving threat actors a beachhead from which they can deploy attacks, access confidential information, and assume control of logged-in financial accounts. Furthermore, the as-a-service business model has grown enormously popular in recent years, making it possible to commercialize cybercriminal expertise and scale operations. 

To learn about the above findings in greater detail, download Cybersixgill’s State of the Cybercrime Underground here


About Cybersixgill

Cybersixgill continuously collects and exposes the earliest possible indications of risk produced by threat actors moments after they surface on the clear, deep, and dark web. This data is processed, correlated, and enriched using automation to create profiles and patterns of threat actors and their peer networks, including the source and context of each threat. Cybersixgill’s extensive body of data can be consumed through a range of seamlessly integrated into your existing security stack, so you can pre-empt threats before they materialize into attacks. The company serves and partners with global enterprises, financial institutions, MSSPs, and government and law enforcement agencies. For more information, visit https://www.cybersixgill.com/ and follow us on Twitter and LinkedIn. To schedule a demo, please visit https://www.cybersixgill.com/dve-demo/.