In 2024, cybercriminals have increasingly shifted their focus from personal data to company credentials and trade secrets. According to Positive Technologies’ first study on data breaches in Russia, the Middle East, and globally, 16% of dark web listings involving stolen government data are linked to organizations in the Middle East. The study analyzed over 1,000 dark web listings and 700 public incident reports from the first half of 2024, revealing a significant rise in credential leaks and the theft of commercial secrets.
Credential leaks from organizations hit a record high of 21% in the first half of 2024, marking a 9% increase from the previous year. The theft of commercial secrets and restricted information also rose sharply to 24%, an increase of 10 percentage points compared to the same period in 2023. In contrast, incidents of personal data theft dropped to 37% in Q1 2024, further declining to 25% in Q2 2024, returning to levels seen in 2022.
The industrial sector (39%), government agencies (36%), and transportation companies (29%) were the most affected by leaks of commercial secrets and other restricted information in the first half of 2024. Notable victims included Hyundai Motor Europe and Volkswagen, with the latter losing critical documents on electric vehicle technology. IT companies also faced significant risks, with breaches involving internal processes and products accounting for 29% of incidents. In 2024, hackers reportedly accessed the source code of some Apple and AMD software, further highlighting the growing threat to major corporations.
Credential compromise is often a precursor to more severe actions, such as the theft of funds or system disruption. Ransomware was used in nearly a third of successful breaches involving data leaks. Dark web listings for government data prominently feature Middle Eastern countries, with 16% of ads related to this region. Asia leads with 33% of such listings, followed by Latin America and the Caribbean at 18%. These regions are frequently targeted by advanced persistent threat (APT) groups, which focus on the public sector.
Credentials are frequently sold on dark web forums, a significant revenue source for cybercriminals. In March, access to a prominent UAE bank’s website was listed for $10,000. Dark web forums have seen a rise in listings offering access to dozens or even hundreds of companies per post, with prices ranging from $250 to $5,000. For instance, a UAE-based consumer electronics company with $6.5 million in revenue had its data valued at $400. In June, another listing offered credentials for over 400 companies, including access via Jira, GitHub, and GitLab, further demonstrating the scale of the issue.
Not all attackers aim to sell data; many demand a ransom in exchange for not disclosing it, although not all victims comply. In the first half of 2024, government organizations were often targeted specifically to steal personal data. Most dark web ads are priced under $1,000, but the most expensive listings, involving major financial institutions, retail giants, and IT companies, exceed $10,000. In Q2 2024, EDR developer Cylance suffered a cyberattack, resulting in the sale of 34 million emails and an unspecified volume of customer and employee data for $750,000.
Positive Technologies analysts highlight that every second successful attack on organizations in H1 2024 led to the leakage of confidential data. The highest number of incidents occurred in government agencies, IT companies, and industrial companies. To prevent data leaks, a comprehensive approach is necessary, including tools to protect user devices, corporate networks, and the data itself. As corporate data infrastructures become more complex, a unified solution is essential to safeguard information, regardless of its complexity or location.