
Dark web packed with offers to hack corporate networks

There is a flood of interest in accessing corporate networks on the dark web, according to new research from Positive Technologies.

The company analysed illegal marketplaces on the dark web and found the number of postings advertising access to these networks increased by 69% in the first quarter of 2020, compared to the previous quarter. 

Positive Technologies says this may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. 

"Access for sale" on the dark web is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

In Q4 2019, more than 50 access points to the networks of major companies from all over the world were publicly available for sale -- the same number as during all of 2018. In Q1 2020, this number rose to 80. Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58% of these offers).

According to Positive Technologies, only a year ago, criminals seemed to be more interested in trading in individual servers. Access to them was sold on the dark web for as little as $20. However, in the second half of 2019, Positive Technologies saw increasing interest in the purchase of access to local corporate networks. Prices have also skyrocketed: the company says it has seen hackers offer a commission of up to 30% of the potential profit from a hack of the infrastructure of a company with annual income exceeding $500 million. The average cost of privileged access to a single local network is in the range of $5,000.

The research found that the victims of these crimes include major companies with annual incomes running into the hundreds of millions or even billions of dollars. In terms of location, hackers' primary target is U.S. companies (more than a third of the total), followed by Italy and the United Kingdom (5.2% each), Brazil (4.4%), and Germany (3.1%).

In the U.S., criminals predominately sell access to professional services companies (20%), industrial companies (18%), and government institutions (14%). In Italy, industrial companies lead (25%), followed by professional services (17%). In the United Kingdom, science and educational organisations account for 25%, and finance for 17%. In Germany, IT and professional services each account for 29% of access points for sale.

In most cases, access to these networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim's infrastructure with malware. Ransomware operators were among the first to use this scheme.

"Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter," says Positive Technologies senior analyst Vadim Solovyov.

"The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes," he says.

"To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.

"Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes."
