Threats targeting the banking industry were analyzed in a recent report by Searchlight Cyber. The report highlights the most prominent threats visible on the dark web including posts on dark web forums, insider threats and supply chain attacks.

The research found that initial access broker posts are the most commonly observed activity on the dark web. According to the report, threat actors sell vulnerabilities such as remote network access, web shells, remote code execution and SQL injection on dark web forums for other cybercriminals to exploit.

“Insider threats” pose a challenge for banks. Analysts observed cases of employees proactively advertising their ability to undermine the security of their organization, as well as cybercriminals trying to recruit employees at banks.

Reconnaissance against banks’ supply chains can be observed on the dark web, with criminals identifying the banks that can be impacted in posts targeting their suppliers. The report also explains how this type of dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations and gathering intelligence on the tactics of specific cybercriminals.

Click here to download the full report.