Here are a couple of connected articles about how easy it is for even inexperienced threat actors, let alone state sponsored ones, to access the raw materials they need to carry out cyber security attacks.
The Dark Web is a market like any other – well almost…
If you need some malware, ransomware-as-a-service (RaaS) or a coder with a low ethical threshold, then it will be there on the Dark Web, for a price. Cedric Pernet at Tech Republic had a look to see what was available, to save you looking and to give you an idea why cyber security threats always seem to be getting worse.
2022 Dark Web prices for cybercriminals services | TechRepublic
Credentials are key
The combination of your email address and a password is the gold standard for threat actors. They will always be on the look out for the organisation that has not implemented MFA in it’s Microsoft 365 environment or the user to lazy to have more than one password. Just how many password/user combinations are there available on the Dark Web? Brandon Vigliarolo at The Register says there are 24.6 BILLION. Now whether that is a US or UK billion that is still a lot!
24.6 billion pairs of credentials for sale on the dark web • The Register