Full Report
Community Feature - @Bank_Security

Curated Intelligence member Bank_Security has recently shared an overview of the most commonly advertised information related to financial institutions on the Dark Web in 2021. The research focuses on what cyber criminals actually sell in various forums and chat groups regarding the financial sector and banks around the world.

https://bank-security.medium.com/2021-dark-web-financial-cyber-threats-98e23f4d3a6e

One of the most interesting findings uncovered in this research is that cybercriminals in general are more focused on acquiring databases via the cyber underground than any other commodity. While items commonly associated with threats to financial institutions are desired - such as money laundering techniques, banking Trojans, and ATM exploits - databases are one of the best selling commodities on the cyber underground. As such, financial institutions should be highly aware of this threat and focus on protecting their databases.

Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content, let us know!
Analysis Summary
The provided article is a summary of findings from community member Bank\_Security regarding **2021 Dark Web Financial Cyber Threats**, focusing on what cybercriminals advertise and sell concerning the financial sector. It does not detail the activities of a single, named threat actor, but rather summarizes cybercriminal focus areas and commodities within the financial underground.
# Threat Actor: Cyber Criminals Targeting Financial Institutions (General Criminal Focus in 2021)
## Attribution & Identity
This summary covers the general activities of cybercriminals operating on the Dark Web targeting the financial sector ("cyber criminals in general"). No specific named actor or attribution (APT group) is provided for the tactics described in the 2021 overview.
## Activity Summary
The primary focus reported from Dark Web forums and chat groups in 2021 concerning the financial sector revolved around the sale of **databases**. While items traditionally associated with bank attacks (like Trojans and exploits) were desired, databases were noted as the best-selling commodity. Specific historical campaigns focused on financial institutions are not detailed, only trends in underground sales.
## Tactics, Techniques & Procedures
The article mentions the *types of commodities* being sold rather than the specific execution TTPs of an actor:
- Acquisition and sale of **databases** (implied compromise leading to sale).
- Sale of **money laundering techniques**.
- Sale of **banking Trojans**.
- Sale of **ATM exploits**.
- *Note: No specific MITRE ATT&CK IDs were available in the source text.*
## Targeting
- Sectors: **Financial Institutions and Banks** (worldwide).
- Geography: **Global** (implied, as the research concerns banks "around the world").
- Victims: Not specified; the focus is on compromised data being sold rather than named victim organizations.
## Tools & Infrastructure
- Malware families used: **Banking Trojans** (mentioned as a commodity for sale).
- Infrastructure (C2, domains, IPs): None specified.
## Implications
The primary implication is that cybercriminals are heavily prioritizing the acquisition and sale of **databases** related to financial entities, indicating that data theft and subsequent monetization (potentially via identity theft or espionage) is a more lucrative focus than direct exploitation tools in the observed underground markets for 2021.
## Mitigations
Financial institutions should focus heavily on **protecting their databases**, as these are highly sought-after and well-monetized commodities on the cyber underground.