Access to company networks is sold on the dark web, and the latest research indicates that it’s a growing business, with advertisements for this type of illegal access increasing by 69% in Q1 2020 compared with the Q4 2019.
When you read news articles about a ransomware attack against a major company, that incident was likely facilitated by hackers who broke into the network and sold that access further down the line to another criminal group.
Even if a group compromises the security of a network, it doesn’t necessarily mean it will attack the organization. Unfettered access might end up for sale on the dark web, where other criminal groups will purchase it. Making things even more complicated, some hackers will also charge a commission if the access they provide is used successfully.
Research from Positive Technologies shows that the number of postings on the dark web regarding access to corporate networks increased by 61% in Q1 2020 from the previous quarter. The term access has a broad meaning, and it could refer to credentials, exploits for vulnerabilities, software, and much more.
The researchers point out that, in Q4 2019, there were around 50 access points to networks for major companies, a number that hasn’t changed much since 2018.
“Only a year ago, criminals seemed to be more interested in trading in individual servers,” say the researchers. “Access to them was sold on the darkweb for as little as to $20. However, in the second half of 2019, we have seen an increasing interest in the purchase of access to local corporate networks.”
The landscape seems to have changed in 2020, with access to a network being much more expensive. Privileged access to a single local network costs around $5,000, and the commission for successful malicious campaigns goes up to 30%.
As for the most targeted countries, the US sees around a third of all cybersecurity incidents, followed by Italy and the UK (5.2% each), Brazil (4.4%), and Germany (3.1%.)
Not surprisingly, ransomware operators are prolific with this type of crime, and small and medium businesses are the most affected, because they usually undersize their cybersecurity budget.