Executives are the prime targets for cyberattacks. However, cybercrime is not the only threat lurking in the internet shadows for high-profile leaders. The dark web has become a hub for bad actors who are seeking to steal corporate leaders’ credentials for access to sensitive data and laying the groundwork for more sophisticated cyberattacks or even plotting assaults that threaten executives’ physical safety.
The majority of recently surveyed U.S. executives revealed that cybercriminals have targeted them. Security teams are shifting their perspective on executive safety. A study by GetApp found that 72% of surveyed US executives have been targeted by cybercriminals at least once. Additionally, 69% of employees who work in companies that experienced previous attacks targeting leaders claim that cyberattacks against executives have increased.
According to Vakaris Noreika, a cybersecurity expert at NordStellar, targeted cyberattacks, personally identifiable information leaks, and even the possibility of physical assaults are some dangers lurking for executives on the dark web.
Noreika observes that executive protection has become an even more relevant topic over the last few years. High-profile cases, such as the assassination of the UnitedHealthcare CEO Brian Thompson, have fuelled existing concerns over executive safety — both online and offline.
“Corporate leaders are prime targets for cybercriminals because their credentials and personally identifiable data can grant cybercriminals access to sensitive resources or deploy sophisticated social engineering attacks to maximize the damage and profits,” says Noreika in a statement provided to Digital Journal.
“The dark web is filled with bad actors — many financially motivated, others driven by political or ideological goals — making it a hub for threats against executives, from cyberattacks to physical assaults.”
Growing concerns from physical security teams
According to Noreika, targeted cyberattacks are the most significant cybersecurity risk lurking for executives on the dark web. If a bad actor successfully obtains corporate leaders’ credentials, personally identifiable information, or other sensitive details, the likelihood of them infiltrating a company’s network, using that data to carry out more devastating attacks, or locating the executive is very high.
“In the most common cases, hackers use stolen credentials to infiltrate a network,” Noreika clarifies. “However, they might also use personal information to launch phishing campaigns, tricking executives into downloading malware. They can also carry out business email compromise attacks, posing as corporate leaders to scam employees, partners, or vendors, or even use snippets of their voice for deepfakes. This enables them to steal company funds, fool third parties into payments, or leak sensitive data.”
Main cyber threats targeting executives
Noreika explains that dark web monitoring is essential to detect these threats before they escalate. However, it’s important to note that once information is leaked on the dark web, there’s not much security teams can do to make it disappear. Companies must have a proper executive threat prevention, preparedness, and response plan to maximize the mitigation of security risks.
He adds: “Strict access controls, multi-factor authentication, proper network segmentation, and a comprehensive cybersecurity strategy are necessary to ensure that cybercriminals cannot successfully infiltrate a network. Robust physical security measures must also be in place to minimize the risk of endangerment to physical security…The response plan should contain swift step-by-step actions encompassing threat containment, incident reporting, and coordination with law enforcement and security teams to mitigate risks and ensure executive safety.”
Noreika emphasises that cybersecurity training for corporate leaders should also be prioritized. Raising their cybersecurity awareness could significantly decrease the likelihood of their credentials or other personal data ending up in a data leak on the dark web.
