sb-au logo
Story image

Dark web packed with offers to hack corporate networks

There is a flood of interest in accessing corporate networks on the dark web, according to new research from Positive Technologies.

The company analysed illegal marketplaces on the dark web and found the number of postings advertising access to these networks increased by 69% in the first quarter of 2020, compared to the previous quarter. 

Positive Technologies says this may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. 

"Access for sale" on the dark web is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

In Q4 2019, more than 50 access points to the networks of major companies from all over the world were publicly available for sale -- the same number as during all of 2018. In Q1 2020, this number rose to 80. Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58% of these offers).

According to Positive Technologies, only a year ago, criminals seemed to be more interested in trading in individual servers. Access to them was sold on the dark web for as little as to $20. However, in the second half of 2019, Positive Technologies has seen an increasing interest in the purchase of access to local corporate networks. Prices have also skyrocketed: the company says it has seen hackers offer a commission of up to 30% of the potential profit from a hack of a company’s infrastructure - with annual income exceeding $500 million. The average cost of privileged access to a single local network is in the range of $5,000.

The research found that some major companies have become the victims of these crimes, with annual incomes running into the hundreds of millions or even billions of dollars. In terms of location, hackers’ primary target is U.S. companies (more than a third of the total), followed by Italy and the United Kingdom (5.2% each), Brazil (4.4%), and Germany (3.1%). 

In the U.S., criminals predominately sell access to professional services companies (20%), industrial companies (18%), and government institutions (14%). In Italy, industrial companies lead (25%), followed by professional services (17%). In the United Kingdom, science and educational organisations account for 25%, and finance for 17%. In Germany, IT and professional services each account for 29% of access points for sale.

In most cases, access to these networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim's infrastructure with malware. Ransomware operators were among the first to use this scheme.

“Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter," says Positive Technologies senior analyst Vadim Solovyov.

"The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes," he says.

“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. 

"Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”

Download image
The juggling act: Managing dynamic workforces and the risk that goes with them
Mitigate and continuously manage dynamic workforce risks, and continuously improve and maintain the maturity of your dynamic workforce risk program.More
Story image
Four tips for organisations to help future-proof their OT security strategy
IT and OT networks are founded on different and often conflicting priorities, making IT-OT security challenging for businesses. Only when the needs of both environments are thoroughly understood can digital convergence be successful.More
Link image
Revealed: The A-Z of mobile workforce security
Ordinary office workers - now home office workers - have never been more at risk of cyber threats. Join this webcast series to hear from experts on how to best protect your business and your staff.More
Link image
Protect yourself from the perfect storm of cyber threats
COVID-19 has created an opportunity like no other for cyber attackers. With anxieties high and workforces at home, risk profiles are rising everywhere. Here's how one business can help protect yours. More
Download image
How rapidly evolving workforces can bring risk - and how to take it on
The times they are a-changing. Workforces, becoming more diverse, are changing too. Here's how this could be risky for businesses, and what actions could be taken to minimise that risk.More
Link image
Phishing has never been more lucrative. Here's how to avoid it
Risk of a serious phishing breach has reached an all-time high as workforces stay at home. Find out how to mitigate the risk to your business. More