There is a flood of interest in accessing corporate networks on the dark web, consistent with Positive Technologies.
In Q1 2020, the number of postings advertising access to those networks increased by 69 percent compared to the previous quarter. this might pose a big risk to the corporate infrastructure, especially now that a lot of employees are working remotely.
“Access for sale” on the dark web may be a generic term, about software, exploits, credentials, or anything that permits illicitly controlling one or more remote computers.
In Q4 2019, over 50 access points to the networks of major companies from everywhere the planet were publicly available purchasable – an equivalent number as during all of 2018. In Q1 2020, this number rose to 80.
Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58 percent of those offers).
Criminals targeting major companies
Only a year ago, criminals appeared to be more curious about trading in individual servers. Access to them was sold on the dark web for as little as $20. However, within the last half of 2019, there has been an increasing interest within the purchase of access to local corporate networks.
Prices have also skyrocketed: we’ve seen hackers offer a commission of up to 30 percent of the potential take advantage of a hack of a company’s infrastructure – with annual income exceeding $500 million. the typical cost of privileged access to one local network is within the range of $5,000.
Some major companies become the victims of those crimes, with annual incomes running into the many millions or maybe billions of dollars. In terms of location, hackers’ primary target is U.S. companies (more than a 3rd of the total), followed by Italy and therefore the UK (5.2 percent each), Brazil (4.4 percent), and Germany (3.1 percent).
In the U.S., criminals predominately sell access to professional services companies (20 percent), industrial companies (18 percent), and government institutions (14 percent). In Italy, industrial companies lead (25 percent), followed by professional services (17 percent).
In the UK, science and academic organizations account for 25 percent and finance for 17 percent. In Germany, IT and professional services each account for 29 percent of access points purchasable.
Network access sold to other dark web criminals
In most cases, access to those networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts within the victim’s infrastructure with malware. Ransomware operators were among the primary to use this scheme.
Positive Technologies senior analyst Vadim Solovyov said: “Large companies stand to become a source of easy money for low-skilled hackers. Now that numerous employees are performing from home, hackers will search for any and every one security lapses on the network perimeter. The larger the hacked company is, and therefore the higher the obtained privileges, the more profitable the attack becomes.
“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. confirm that each one service on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.
“Regular retrospective analysis of security events allows teams to get previously undetected attacks and address threats before criminals can steal data or disrupt business processes”.