The Top Dark Web Trends in 2022

The Top Dark Web Trends in 2022

2022 has been a wild and turbulent year in the cyber world. From the war between Russia and Ukraine that saw a spike in the number of cyberattacks launched against governments’ digital assets, to the ever-growing sophistication of hacking and ransomware groups. 

The emerging cybersecurity threats in 2022 included ransomware, supply chain vulnerabilities, like the infamous SolarWind attack, and phishing.

In our latest round of Dark Web Pulse articles, we cover some of the biggest trends and insights around these topics from the past year. We also expose the main threats we found on the deep and dark web that have the potential to damage infrastructure, organizations, and the stability of society in 2023. 

In this post, we sum up the dark web trends from the past year with links to the full articles for anyone who’d like to dive in. So let’s dive in.

The top ransomware trends on the dark web in 2022

Ransomware attacks have been on the rise across the world in the last few years. As we predicted in our report on the top dark web trends in 2021, this upward trend continued into most of 2022. 

Because the deep and dark web is often used by ransomware gangs to plan, communicate, and leak stolen information, we used our Cyber API, to track ransomware gangs and new ransomware trends this year and give a quick brief on what we expect to see in 2023.

The number of new ransomware platforms on the deep and dark web in 2022

The biggest trend our cyber analyst Hagar Margolin found was that ransomware has developed into a new, professional industry, with a market, stakeholders, and processes similar to other existing, legal industries. This evolution is something we have witnessed on the deep and dark web.

We see it in how ransomware groups look to maintain public channels, like any self-respecting brand, in order to gain recognition and reputation. Similarly to other brands, reputation plays an important role as it increases the chances the group will receive the ransom it demands from its victims. 

Like other organizations, ransomware groups now have different roles filled by different people; one is responsible for the development of the ransomware and for executing the attack. A different one is responsible for negotiations with the victims, while someone else acts as a representative in the various dark web forums, etc. With the need for these different roles, ransomware groups are constantly recruiting new people, using campaigns that would not embarrass a respectful HR team.

For examples of how we see this evolving industry on the dark web – and what it means about ransomware gangs in 2023 read the full Dark Web Pulse article. We also reveal there the top 5 most active ransomware groups in 2022, the top deep and dark web platforms they have used, and the most targeted industries.

The top data leak trends on the dark web in 2022

2022 was the year the threat of data breaches has become one of the most widespread and damaging cybersecurity threats in the world. Over the past year, we have seen major breaches targeting all industries – governments, hospitals, automotive, cellular, TV, social media, retail, and software.

The top industries most at risk of data breach
The data was gathered by using’s Cyber API

With the rise in the number of data breaches this year, we have taken a look at the dark web sources threat actors use to carry out breaches. Because these are the bread and butter of every hacker as they try to hack into any system.

In 2022 we have seen an increase in the number of deep and dark web sources for data theft and trade. The main sources of leaked data included RaidForums, one of the most popular sources for data breaches, which was shut down and replaced by a new hacking forum, BreachForums, within days. Other popular hacking forums for the trade of stolen data include XSS, as well as on Marketplaces such as Russian Market and Genesis, chat applications such as Telegram, and paste sites such as PasteBin.

We also witnessed how the disorganized jungle of data breach activity has undergone further standardization in hacking forums, chat applications, and paste sites, as more and more cyber threat actors request and provide data that fit into certain categories. 

To make both the search and the trade of stolen data more orderly and professional, hackers these days are expected to provide information to prove the value of the stolen data.

Some of the information they are required to provide include the name of the hacked domain or platform, the number of users that were breached, and a sample of the data to prove the value of the leak.
Read our full Dark Web Pulse piece to learn about the lifecycle of stolen data on the dark web, the top countries most targeted by data breaches in 2022, and how leaked data serves as a gateway to other data breaches.

The top illicit content trends on alternative social media in 2022

Although alternative social media is not part of the dark web, we include it in this end-of-year trends summary since it’s yet another valuable online resource when collecting intelligence critical to governments and organizations. 

The constant storm around mainstream media such as Twitter over the past year shows that the topic of free speech, and censorship on social media has remained at the top of the public agenda in 2022.  

One of the biggest changes we have seen this year though is a shift in the attention of organizations and governmental agencies which started monitoring unregulated social media platforms, also known as alternative social media, to track violent and extremist content.

This is a trend we could see coming since these spaces include various illicit content. The top type of illicit content we could find on these platforms in 2022 are extremist content, disinformation, and threats against brands and executives.

The types of illicit content on alternative social media

Another interesting trend, which will have implications when it comes to monitoring these platforms in 2023, is that some alternative platforms, which used to only cater to certain communities, have become more widespread and mainstream. Take for example Mastodon which is becoming popular and aims to replace Twitter.

We discuss in further detail the evolution of alternative social media, the illicit content it hosts, and the companies that can benefit from monitoring these platforms in our latest Dark Web Pulse article.

For more insights on these trends from our cyber analysts, watch the video on the top dark web trends for 2022:’s cyber analysts talk about the top dark web trends for 2022 on the latest Webz Insider

What’s next?

In the next year, we are going to face some new challenges. We expect cyber threats to increase in 2023, as cybercriminals continue to develop their methods and tools amid global unrest, wars, and recession. Cloud and data center vulnerabilities will become a top concern. With most attacks starting from viruses, e-mail attachments, and ready-made phishing pages, the need to monitor upcoming threats will only increase.

With the rise in new cyber threats across the globe, we anticipate that the need for timely and quality intelligence will increasingly become critical to the protection of brands, organizations, and public records. 

We at will continue to work with leading global monitoring enterprises and intelligence organizations to arm them with structured and enriched deep and dark web data, critical to preventing emerging threats.


Subscribe to our newsletter for more news and updates!

By submitting you agree to's Privacy Policy and further marketing communications.

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about’s solutions
Create your API account and get instant access to millions of web sources