SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Dark web packed with offers to hack corporate networks
Thu, 21st May 2020

There is a flood of interest in accessing corporate networks on the dark web, according to new research from Positive Technologies.

The company analysed illegal marketplaces on the dark web and found the number of postings advertising access to these networks increased by 69% in the first quarter of 2020, compared to the previous quarter.

Positive Technologies says this may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely.

"Access for sale" on the dark web is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

In Q4 2019, more than 50 access points to the networks of major companies from all over the world were publicly available for sale -- the same number as during all of 2018. In Q1 2020, this number rose to 80. Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58% of these offers).

According to Positive Technologies, only a year ago, criminals seemed to be more interested in trading in individual servers. Access to them was sold on the dark web for as little as $20. However, in the second half of 2019, Positive Technologies saw an increasing interest in the purchase of access to local corporate networks. Prices have also skyrocketed: the company says it has seen hackers offer a commission of up to 30% of the potential profit from a hack of the infrastructure of a company with annual income exceeding $500 million. The average cost of privileged access to a single local network is in the range of $5,000.

The research found that some major companies have become the victims of these crimes, with annual incomes running into the hundreds of millions or even billions of dollars. In terms of location, hackers' primary target is U.S. companies (more than a third of the total), followed by Italy and the United Kingdom (5.2% each), Brazil (4.4%), and Germany (3.1%).

In the U.S., criminals predominately sell access to professional services companies (20%), industrial companies (18%), and government institutions (14%). In Italy, industrial companies lead (25%), followed by professional services (17%). In the United Kingdom, science and educational organisations account for 25%, and finance for 17%. In Germany, IT and professional services each account for 29% of access points for sale.

In most cases, access to these networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim's infrastructure with malware. Ransomware operators were among the first to use this scheme.

"Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter," says Positive Technologies senior analyst Vadim Solovyov.

"The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes," he says.

"To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.

"Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes."