The hacker’s playbook: What the dark web can teach organisations about cybersecurity

The hacker’s playbook: What the dark web can teach organisations about cybersecurity Matt Berzinski, Senior Director at Ping Identity

The dark web is an ever-growing marketplace for cybercriminals to trade hacking tools, services, stolen data and other sensitive information obtained from successful cyber-attacks. Dark web ‘vendors’ are profiting from selling tools such as malicious software, phishing kits and email extractors, democratising their use for even the most unsophisticated cybercriminal to use.

As technological advancements, such as artificial intelligence (AI), drive wider use of ransomware and malware-as-a-service (MaaS), the need for organisations to increase cybersecurity measures and protect digital identities has never been greater. To address and mitigate the vulnerabilities leaving them exposed to cyber-attacks, organisations must adjust their mindsets to learn from the dark web and the tools and tactics cybercriminals employ.

Understanding what has the most value for attackers is also important. Last year, half of UK businessesexperienced a cyber-attack or some kind of breach, with the most common attack being phishing (84%), with viruses or other malware accounting for only 17% of attacks. With the primary purpose of phishing being to steal credentials or sensitive information, this knowledge can give businesses a better understanding of what cybercriminals are after, and where to prioritise cybersecurity efforts. As organisations continue to struggle to combat cyber-attacks, now is the time to refer to the same playbook hackers use to beat them at their own game.

A race to combat hacker sophistication

Hackers are becoming more sophisticated in the attacks they carry out and entrepreneurial in the tools they make available on the dark web. As well as this, evolving technologies like AI are accelerating the democratisation of cyber-attacks, giving novice and less experienced cybercriminals the opportunities they need to carry out a serious breach.

We have seen the serious damage MaaS attacks can cause in instances. For example, the Snowflake data theft and extortion used infostealer malware as well as purchased credentials and left up to 165 businesses compromised. The data stolen from such attacks is also a valuable commodity on dark web marketplaces, with more highly developed hackers making sensitive information available to the most novice cybercriminals. Last year’s attack on NHS provider Synnovis is another example of this kind of work in the wild, resulting in the ransomware gang which carried out the attack (Qilin) publishing 400GB of private healthcare data online.

The ease in which threat actors can gain access to readily available MaaS, including adware, keyloggers, spyware, worms, Trojan horses and more, is cause for concern, and organisations are in a race against time to combat the ever-growing volume and complexity of attacks. 

How do organisations get ahead in the race?

Organisations must act now if they are to get one step ahead of defending customer and employee digital identities, financial information and other sensitive data. To do this, they must stay informed of the strategies hackers are exploiting, and understand how valuable data is for cybercriminals. As attacks, and the technology behind them evolve, so too must cyber defences.

AI has supercharged cyber-attacks beyond organisations’ abilities to keep up with them, and the World Economic Forum’s Global Cybersecurity Outlook report for 2025 found a 223% increase in deepfake-related tools being traded on the dark web.

As organisations formulate plans to tackle this threat, understanding how hacking tools are being used and what data is most valuable for cybercriminals will become more critical. As bad actors continuously adopt new technologies and change their attack styles, proactive defence measures, such as behavioural analytics and AI-driven threat detection, should be widely implemented to outsmart cybercriminals before an attack is successfully completed.

Importantly, with phishing being the most common type of attack, personally identifiable information (PII), financial information and passwords or login credentials top the list of the most valuable data cybercriminals sell on the dark web. Alongside proactive measures, focusing cybersecurity efforts on these significant vulnerabilities is critical.

Password-related security is one factor where its importance is often overlooked. Alternative authentication methods, such as multi-factor authentication (MFA), token authentication and biometric identification can easily be implemented to defend against attacks carried out by sophisticated hackers and less skillful cybercriminals using MaaS alike. Decentralising identity is also an under-utilised defence strategy which can make it more difficult for cybercriminals to carry out an attack.

The dark web is here to stay – take advantage

Now is the time for organisations to rethink their approach to cyber defence. By keeping well informed of evolving hacking tools and techniques and focusing resources into defences protecting the most valuable aspects of data, businesses can better position themselves to secure digital identities. 

Protecting significant vulnerabilities, such as passwords, which are knowingly exploited to steal PII, financial details and credential information, is of ever-growing importance as hackers continue to go to great lengths to steal what is most valuable for cybercriminals on the dark web – data.

Matt Berzinski, Senior Director at Ping Identity

Matt Berzinski

Matt Berzinski is Senior Director at Ping Identity

Author

Scroll to Top

SUBSCRIBE

SUBSCRIBE