Dark Web User Numbers Spiked During #COVID19 Lockdown
The volume of dark web forum members is on the rise, with visitor numbers surging 44% during the first COVID-19 lockdowns last year, according to new data from Sixgill.
The cyber-intelligence firm analyzed five popular English and Russian language forums to better understand their popularity over time and who is responsible for most activity.
Collating data from the launch of each forum through to the end of 2020, Sixgill found that all five sites had grown their membership exponentially without impacting each other’s popularity.
Although some grew faster than others, and some months were more successful, the overall trend points towards a continued rise in the number of users visiting dark web sites, the firm concluded.
This matters, because as the population of the dark web increases, so does criminal activity, according to Sixgill security research lead, Dov Lerner.
More interesting still was the fact that user numbers soared into double-digits from January to spring 2020, before reverting to pre-COVID numbers.
“Prior Sixgill reports have noted a tremendous uptick in specific types of cybercrime on the underground during the COVID lockdowns. This includes gaming store accounts, compromised RDP credentials, money laundering services and narcotics. This research demonstrates that the number of participants in the cyber-underground spiked at the time as well,” explained Lerner.
“Why would coronavirus lockdowns lead to a massive increase in users of dark web forums? Some of these users were bored at home and decided to go exploring. Others may have been interested in turning to crime amid the economic shocks from the pandemic and the widely covered proliferation of cybercrime targeting remote workers, such as ransomware and phishing.”
The research also revealed that while user numbers are growing, only a small number seem to be responsible for the vast majority of posts. In fact, the top 20% of frequent posters generated 73% of posts.
This may be due to large numbers of inexperienced threat actors coming merely to observe but not participate in activity, or that experienced users are creating “burner” accounts to post from a new username each time, Lerner argued.