US Now Top Target for Dark Web Cyberthreats

When it comes to threats from the dark web, the U.S. is a prime target.

A new report by threat intelligence company SOCRadar found that more than four out of five (82%) threats from the dark web aimed at North America targeted the United States over the last 12 months. “The high percentage in the United States suggests a larger digital footprint and more attractive targets,” the report noted.

The 26-page report also found that Uncle Sam is a popular target for ransomware extortionists, with 88% of those attacks aimed at U.S.-based organizations. “High-value businesses, extensive digital networks, and larger financial opportunities likely attract attackers to the U.S. market,” it reasoned.

While Canada (9.7%) and Mexico (1.8%) were targeted substantially less, the report warned, “All countries must stay vigilant and actively strengthen cybersecurity defenses against ransomware threats.”

Grant Leonard, field CISO for Lumifi Cyber, a managed detection and response services company in Scottsdale, Ariz., explained that the U.S. is a sophisticated, tech-savvy nation with many millions of users online, sharing and doing business in a way that makes them targets for criminals.

Companies in the U.S. may also be more willing to pay off ransomware artists than those in other countries. “The reality is there are many targets who have some form of insurance and are willing to pay money to continue to do business,” he told TechNewsWorld.

“Sadly, many U.S.-based organizations still pay ransoms,” added Damon Small, a board member of Xcape, a penetration testing, incident response, and managed IT services company in Los Angeles.

“The U.S. may soon follow other countries by introducing regulations prohibiting this and also requiring a more robust security infrastructure,” he told TechNewsWorld. “Ironically, we see some of this being driven by insurance companies requiring such infrastructure when underwriting cyber policies.”

Targeting Success

The U.S. has a robust financial infrastructure that also makes it attractive to cyber shakedown players. “Connectivity between crypto wallets and fiat currency makes it faster and more efficient for threat actors to monetize their efforts,” said Jason Hogg, executive chairman of Cypfer, a global cybersecurity firm specializing in incident response, ransomware recovery, digital forensics, and cyber risk management.

“This is exacerbated by two major factors,” he told TechNewsWorld. “First, the concentration of large and lucrative companies in the U.S. Second, the size and scale of the companies, from both an employee and consumer base, require large and complex infrastructures, resulting in greater entry or access points due to the advanced connectivity of mobile and digital interfaces to support their operation and commerce.”

“Further, the regulatory pressure and reputation risk exposure incentivize payment of ransom for faster resolution,” he added.

The greatest strength of the U.S. has become its Achilles’ heel in cyberspace, maintained John Wilson, a senior fellow for threat research at Fortra, a cybersecurity services company in Eden Prairie, Minn.

“The USA innovates faster, adopts quicker and scales bigger than anyone else — which is exactly why the USA is getting hammered by every hacker from around the world,” he told TechNewsWorld.

“Success in the digital age apparently comes with an ‘increased exposure surface’ sign attached,” he added.

HTTPS Deception

Another area of distinction for the U.S. is phishing. It has the highest share of phishing attacks at more than 61%. That contrasts with Canada, at around 38%, and Mexico, with a minuscule 0.41%.

SOCRadar’s researchers also found that a large portion of phishing sites use the HTTPS protocol (71.1%) compared to those using HTTP (28.9%). “This may seem surprising, as HTTPS is often linked with secure websites,” the report noted. “However, attackers now use HTTPS to trick users into thinking a site is safe. The padlock icon in browsers can give a false sense of trust.”

It added that users should not rely only on HTTPS to judge a website’s safety, and that businesses should educate staff and customers to look beyond the padlock and check for signs of phishing.

“In the U.S., phishing attacks are becoming increasingly more targeted, using highly tailored campaigns driven by social engineering and AI-enhanced data scraping,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago.

“Phishing-as-a-service platforms are driving this by offering fast deployment of campaigns, further lowering the barrier of entry for cybercriminals,” he told TechNewsWorld. “These cybercriminals are not only relying on stolen credentials but also on social manipulation to breach identity protections.”

“Deepfake videos are a specific concern in this area,” he continued, “as AI models make these attack methods faster, cheaper, and more substantial. As attackers grow more sophisticated, the need for more robust, dynamic identity verification methods — such as MFA and biometrics — will be imperative to defend against these increasingly nuanced threats.”

High Cost of Weak Data Protection

Cypfer’s Hogg maintained that as threat actors continue to implement and scale their own AI capabilities, attacks using social engineering will continue to accelerate the number of breach occurrences. “This emphasizes the need for individuals to be alert and careful with the information they put out in the public domain through social media and other publicly accessible platforms,” he said.

As long as U.S. companies consider cybersecurity to be a cost center rather than a necessary part of protecting their information assets, we will continue playing leapfrog with adversaries trying to steal those assets, added Xcape’s Small.

“Information has very real value and criminals know how to monetize their activities,” he said. According to the report, more than half (58.4%) of all threat activity involved the sale of stolen data, tools, or services. “Companies need to spend time understanding the value of their information assets so that they can prioritize which to protect and how much to spend protecting them,” Small advised.

“Traditional security approaches of updating defenses to combat general threat tactics, not just in North America, but around the world, are no longer sufficient to protect sensitive information and systems,” added John Watters, CEO and managing partner at iCounter, a cyber risk intelligence provider in Dallas.

“To effectively defend against AI-driven rapid developments in targeted attacks,” he told TechNewsWorld, “organizations need more than mere actionable intelligence — they need AI-powered analysis of attack innovations and insights into their own specific weaknesses that can be exploited by external parties.”

PULIDIKI Car Cleaning Gel Universal Detailing Kit

Make car cleaning effortless with the PULIDIKI Car Cleaning Gel Universal Detailing Kit, a simple yet effective solution for keeping your vehicle spotless. With over 89,741 ratings and an impressive 4.1-star average, it’s no wonder this kit is a highly rated Amazon Best Seller.

Loved by over 40,000 buyers in just the past month, it’s an unbeatable deal for only $6.99. Perfect for cleaning those hard-to-reach areas, this detailing gel is a must-have for car enthusiasts. Order now for just $6.99 at Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!