- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 3

2 Traditional Cybercrime Underground

The World Wide Web consists of several layers. Although it only makes up about 0.03% of the internet, the surface web is the most familiar and accessible part of the internet, hosting public-facing, searchable websites. Behind it lie the Deep Web and the Dark Web. [1]

The Deep Web includes both public and privately protected file collections that are not connected to other areas of the web, internal networks that enterprises, governments, and educational facilities use to communicate within their organizations, as well as email and social messaging accounts. [2] The Dark Web is a part of the Deep Web that cannot be accessed using conventional search engines. It includes networks, web properties, content and data that can be used for both legitimate and illicit purposes. [3]

Three of the main underground platforms, which often operate on the Dark Web, are forums, marketplaces, and data leak websites. All three have undergone significant changes over the past two years. In general, both forums and marketplaces allow cybercriminals to sell illicit products, such as malware and hacking tools, and to offer cybercrime-related services such as tailor-made DDoS attacks, hacking-as-a-service and breached databases. While marketplaces are often dedicated to specific types of illegal products, such as login credentials, breached databases, credit cards, and web shells, among others, the forums feature vast communication capabilities, offering various chatrooms that allow cybercriminals to share information. In addition to these two platforms, data leak websites are used by ransomware gangs as leverage against their victims, threatening to release sensitive information in order to coerce organizations into paying ransom demands.

2.1 Underground Forums

Hackers use message boards on underground forums to post messages related to hacking tools and techniques, malicious source code, and more. The vendors and the underground forums on which they operate take advantage of the encryption and anonymity provided by the Dark Web to hide their illicit activities from authorities and law enforcement organizations. Cybercrime and hacking-related underground forums often include anti-crawling measures that prevent automated, large-scale data collection. Besides the fact that these forums are based on the Dark Web, which makes them less accessible, they also often require registration and rely heavily on a reputation-scoring method. These features contribute to the sense of community on such forums, where threat actors often develop professional or even friendly relationships. Furthermore, in some cases these forums rely on credit collection,

[1] https://www.zerofox.com/blog/blog-dark-web-forums-are-they-here-to-stay/
[2] https://www.kaspersky.com/resource-center/threats/deep-web
[3] https://www.cybereason.com/blog/what-is-the-dark-web-ransomware-marketplace