A Real-World Look at How Cybercriminals Use the Dark Web to Target Banking Organizations

So, it's time to go to the bank again. As you wait in line, you look around and think about the security measures around you: big vaults, security cameras, and even bulletproof glass at the counter. On the surface, everything looks secure, but if a trained thief stood there instead of you, they would see all the faults in the bank's security, like dead spots in the security camera coverage, predictable shift changes, corruptible personnel, or old, penetrable locks.

The same goes for the online world. When you log in to your bank’s website, transfer money through third-party apps, or use Google Pay or Apple Pay, hackers will always try to interfere and steal the personal data that flows between financial systems. They will shadow and mimic the ways people use technology and try to exploit them to their advantage.

In this blog, we will show you some of the holes that hackers see in a bank’s cybersecurity systems by giving you a glimpse into the Deep and Dark Web threat profile of an IntSights medium-sized bank client.

Bank Dark Web Profile

Hackers follow the money, so banks and their customers are always a target for hackers. An attacker’s eye will always search for the shortest way to make the biggest profit. As a cybersecurity professional, it’s important to understand how hackers view your organization so that you can identify weaknesses and take proactive measures to protect your company and your customers.

Here are our findings for one of our banking clients (which, for obvious reasons, we will keep anonymous) over the course of the last year:

1. Credit Cards

Hackers love credit card information. They obtain it through both virtual and physical vulnerabilities, like point-of-sale malware, exposed databases, phishing and spear phishing attacks, ATM skimmers, and even corrupted individuals (aka “insiders”). Some of the information is for the hacker’s own use, but most of it ends up in black markets that offer it for sale – per card, or in bulk purchases. High-end Platinum cards cost more, while small debit cards can cost a single dollar. This information is often used later in fraud schemes or to acquire different goods in the real world.

Our Real-World Findings

Over the last year, we identified 76 alerts of credit card leakages for this bank, with each alert containing hundreds of credit card numbers (Figure 1).
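When an alert like this arrives, the issuing bank first has to work out which of the posted numbers are real and its own. The following is an added example, not IntSights code: it pulls candidate card numbers from a leak posting, keeps those that pass the Luhn check and fall in the bank's BIN ranges, and masks them for the reissue ticket. The BIN prefixes, function names, and sample text are constructed for illustration.

```python
import re

# Constructed values: the BIN prefixes and the leak text are made up.
BANK_BINS = ("411111", "550000")

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep BIN and last four digits so reports never carry full PANs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def triage(leak_text: str, bins=BANK_BINS) -> list[str]:
    """Return masked, de-duplicated, Luhn-valid numbers in our BIN ranges."""
    seen, hits = set(), []
    for m in PAN_RE.finditer(leak_text):
        pan = re.sub(r"[ -]", "", m.group())
        if pan in seen or not luhn_ok(pan) or not pan.startswith(bins):
            continue
        seen.add(pan)
        hits.append(mask(pan))
    return hits


SAMPLE_LEAK = """\
4111 1111 1111 1111|12/27|J DOE
4111111111111111|12/27|J DOE
4111-1111-1111-1112|01/26|A ROE
5500000000000004|03/28|B POE
4012888888881881|05/27|C MOE
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LEAK))
```

Of the five constructed lines, one is a duplicate, one fails the checksum, and one belongs to another issuer's range, so only two cards need action.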

Some Black Market vendors have favorite bank lists because of the different security measures each bank takes, or because of the sheer size of the bank. Big banks have relatively strong security measures for their online systems, but their size is a disadvantage, as they can’t protect every branch and office with the same measures. Therefore, they are susceptible to fraud and impersonation. Small banks sometimes lack sufficient online security measures, but their size and personal relations with their customers make them less susceptible to fraud.


Figure 1: Credit Cards for Sale


Figure 2: Dark Web Vendor's Favorite Bank List

2. Bank Account Details

Apart from credit cards, hackers like to steal and trade bank account information. Account information contains the full data of the account, including full name, address, account number, account balance, login credentials, security questions, credit report, personal email used for login, etc. (see Figure 3). Other types of bank details are bank document templates to be used in fraud scenarios (see Figure 4). The full account details can be used in a multitude of different fraud scenarios, like tax fraud, credit card issuance, insurance claims, loan taking, and more.

Real-World Findings

We found over 45 instances of leaked bank account details, each instance containing hundreds of different leaked accounts. These bank account details can be used for fraudulent activities, like draining the account or using it for online gambling.


Figure 3: Bank Account Details Offered for Sale


Figure 4: Bank Document Templates Offered for Sale

3. Leaked Credentials of Bank Employees

Bank employees are another prime target for hackers. Leaked employee credentials give hackers access to bank systems, which helps them access additional bank account data, or use that employee account as a staging ground for further phishing attacks on other bank employees. High-quality credentials, such as those of the IT staff or bank management, can sell for a steep price, and can generate revenue in dozens of ways to defraud bank customers, employees, and affiliates.

Real-World Findings

We uncovered 40 sources containing hundreds of leaked bank employee credentials. The sources were varied, ranging from leaked hacked databases to black markets and insider information. Some of the data was gathered through multiple sources, matching company email and usernames with other leaked data of those employees, who used identical passwords for both personal and business accounts (Figures 5 & 6).
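A security team can run the same correlation on its own exposure data to decide which accounts need a forced reset first. The following is an added example, not IntSights code: it groups leak records by username, lists the sources exposing each corporate account, and flags accounts whose leaked password also appears on a personal account with the same username. The domain, records, and function names are constructed, and matching on the username alone is an assumed heuristic.

```python
import hashlib
from collections import defaultdict

CORP_DOMAIN = "examplebank.test"  # assumption: placeholder corporate domain

# Constructed leak records: (source, email, leaked password).
RECORDS = [
    ("forum-dump-A", "j.doe@examplebank.test", "Winter2016!"),
    ("market-B", "j.doe@mail.test", "Winter2016!"),
    ("paste-C", "a.roe@examplebank.test", "x9$Lq-unique"),
    ("market-B", "a.roe@mail.test", "different-pw"),
    ("paste-C", "b.poe@mail.test", "hunter2"),
]


def fingerprint(password: str) -> str:
    """Compare passwords by digest so plaintext never reaches the report."""
    return hashlib.sha256(password.encode()).hexdigest()


def exposure_report(records, corp_domain=CORP_DOMAIN):
    """Map each exposed corporate username to its sources and a reuse flag."""
    corp, personal = defaultdict(set), defaultdict(set)
    sources = defaultdict(set)
    for source, email, password in records:
        user, _, domain = email.lower().partition("@")
        if domain == corp_domain:
            corp[user].add(fingerprint(password))
            sources[user].add(source)
        else:
            personal[user].add(fingerprint(password))
    report = {}
    for user, prints in corp.items():
        report[user] = {
            "sources": sorted(sources[user]),
            # Same password seen on a personal account with this username.
            "reused": bool(prints & personal.get(user, set())),
        }
    return report


if __name__ == "__main__":
    for user, info in exposure_report(RECORDS).items():
        print(user, info)
```

Accounts flagged as reused go to the top of the reset queue, since a breach of an unrelated personal service is enough to expose the business login.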


Figures 5 & 6: Leaked Bank Employee Credentials


Because banks and financial institutions deal with money so closely, malicious actors see them and their customers as an endless resource for scams and profit making. This blog looks at just one out of thousands of banks, and we only showed the tip of the iceberg. There are many other ways hackers exploit banks and their clients to make money. In our day-to-day work, we see conversations, guides, and even business proposals between hackers regarding different bank fraud strategies and scams to make money out of the information they obtain. New ways are invented daily to exploit weak links, vulnerabilities and unaware users. Knowing how hackers plan attacks and view your organization can help you prevent fraud before it happens.
