The Dark Web is an underground marketplace where criminals trade in all sorts of illegal or malicious items. One valuable product up for sale consists of information that can help hackers break into corporate networks. Made up of malware and services, this type of offering has appeared in a growing number of Dark Web postings over the past couple of years. A report published Wednesday by enterprise security provider Positive Technologies illustrates the rise of “access for sale” exploits.
“Access for sale” on the Dark Web is a generic term that refers to software, exploits, credentials, or anything else that allows hackers to illicitly control one or more remote computers. Under this approach, criminals sell access to the networks of industrial companies, professional services companies, financial firms, scientific organizations, schools, and IT organizations. Such access allows attackers to directly target business networks or hire skilled “professionals” to hack into networks to infect machines with malware.
In the fourth quarter of 2019, Positive Technologies found that 50 access points to networks of major companies around the world were publicly up for sale on the Dark Web. That matched the number for all of 2018. In the first quarter of 2020 alone, that number shot up to 80, revealing a major increase over the past two years.
Along with the surge in the number of access points for sale, there’s been an increase in both the scope of that access and the selling prices. Just a year ago, cybercriminals were content to sell access to individual corporate servers for as little as $20 a shot.
Now, hackers are selling access to a company’s entire network infrastructure and asking for commissions of up to 30% of the potential profits. The average cost of privileged access to a local network is around $5,000, but the asking price can range from $500 to $100,000.
This type of scheme was pioneered by ransomware operators who bought network access from one set of criminals and then hired other criminals to infect networks with malware in return for a hefty percentage of the ransom payment. On Dark Web forums, this tactic is known as a “ransomware affiliate program,” according to Positive Technologies.
The shift to remote working due to the coronavirus quarantine is exacerbating the problem. Hackers are hunting for any weaknesses in network security, including unprotected web applications, non-updated software, and incorrectly configured servers with weak administrator passwords. That may in part explain the surge in these “access for sale” postings.
“Large companies stand to become a source of easy money for low-skilled hackers,” Positive Technologies senior analyst Vadim Solovyov said in a press release. “Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter. The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes.”
How can organizations better defend themselves against these Dark Web exploits?
“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network,” Solovyov said. “Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”