Endpoint Log Statistics
2025-2026

 

The underground cybercrime economy is evolving fast, with millions of endpoint logs listed on underground markets. "Logs" is underground slang for usernames, passwords, and occasionally cookies extracted from a victim endpoint with stealer malware. Threat actors can purchase these logs on the underground and use them to access confidential accounts and data, and even to deploy further attacks such as ransomware. Contact us for a detailed analysis tailored to your company, covering endpoint logs, stolen credentials, and strategies to protect your extended attack surface. Below, explore endpoint log statistics from 2025-2026, updated monthly.

Endpoint logs on underground markets 2025-2026

In Q2 2026, cyberattacks could grow more evasive, combining credential theft with techniques like MFA bypass and living-off-the-land to blend into normal activity. Endpoint logs remained essential for detecting these fast, low-noise attacks, while phishing and human error continued to drive initial access, highlighting the need for stronger behavioral detection and visibility.

Endpoint log victims by country

In the past 12 months, India led all countries with 310,394 endpoint logs, or 13.1% of the total. Below are the top endpoint log victims per country.

Top 10 countries

More signal, less noise. Latest cyber threat headlines from Bitsight Pulse.

  • 2026-07-02 | Sale of Forti VPN access on underground forum
    An underground forum post is advertising the sale of access to Forti VPN 1200. The access is claimed to be valid and sourced from…
  • 2026-07-02 | Sale of Turkish FortiGate VPN access with Super Admin privileges
    A post on an underground forum is advertising the sale of access to a FortiGate VPN with Super Admin privileges in Turkey. The ac…
  • 2026-07-02 | Selling WordPress access with admin and shell capabilities
    The post is an offer to sell access to WordPress sites, including admin and shell access. The seller promises a list of domains f…
  • 2026-07-02 | Offering strategic intelligence services targeting global logistics and transportation infrastructure
    An underground forum post advertises services for persistent access and intelligence collection in global trade logistics and cri…
  • 2026-07-02 | High-value engagements targeting global logistics and transportation infrastructure offered
    The post offers high-value engagements targeting global trade logistics and critical transportation infrastructure. It highlights…

Bitsight Pulse consolidates the latest cybersecurity news, ransomware events and data breaches from hundreds of deep web, dark web, social and OSINT sources. Using Bitsight AI, Bitsight Pulse filters and personalizes these news events to your interests.

Free Benchmark Report

Free, customized cyber risk benchmark report

This custom report provides key takeaways regarding your company’s cybersecurity posture (likelihood of breach, industry benchmarks, and threat insights) using Bitsight data that has been independently verified to have the strongest correlation to the likelihood of a cyber incident.